Cybersecurity for Network and Information Security by Möller, Dietmar P. F.;

Long description:

"

This book demonstrates how information security requires a deep understanding of organizations assets, threats, and processes, combined with security measures that can best protect their information security. In today’s digital world, a rigorous security approach is central to defend organizations digital systems, networks, and infrastructure resources from malicious threat incidents. Thus, the book demonstrates how information security requires a deep understanding of organizations assets, threats, and processes, combined with security measures that can best protect their information security. It provides step-by-step guidance on how to analyze organizational processes from a security perspective, while also introducing international security concepts and techniques with their requirements designing security strategies. Hence, this interdisciplinary book is intended for business and technology audiences as a professional book in the context of security trends, principles, methods, techniques, applications and best practices to help the reader mastering the material required defending against malicious threat risk incidents.
Organizations must first understand the particular threats that an organization may be prone to, including different types of security attacks, social engineering, and fraud incidents, as well as addressing applicable regulation standards. This international edition covers relevant international security standards for business application sectors and provide security controls and security planning. Security planning includes information security, network and physical security, incident response and metrics, to achieve business continuity, which include data privacy, cloud security, zero trust, secure software requirements and lifecycle, security by design and default, and artificial intelligence in security. To deal with this complexity this book includes a section on security maturity maturity level analysis.
This book targets professionals in business, IT, security, software development or security risk analysis as a reference book and advanced-level computer science students as a secondary textbook, to develop an own security plan. This book also enables computer science, information technology, or business students to implement a case study or a best practice example or a strategic security planning for an application domain of their choosing.

Table of Contents:

Introduction.- Chapter 1 Digitalization and Cybersecurity.- 1.1 Digitalization in Digital Transformation.- 1.2 Challenges in Digital Transformation.- 1.3 Cybersecurity.- 1.3.1 Cybersecurity Situational Awareness.- 1.3.2 Cybersecurity Risk Assessment.- 1.3.3 Cybersecurity Risk-Management.- 1.3.3.1 Cybersecurity Maturity Level Model.- 1.4 OT Security.- 1.5 CIA Triad.- 1.5.1 Linking CIA Triad Principles to NIST Incident Response Lifecycle.- 1.6 Cybersecurity is still Paramount.- 1.7 Exercises.- 1.8 References.- Chapter 2 Network and Information Security – NIS2.- 2.1 Network and Information Security (NIS2).- 2.2 Chapter I General Provisions (Articles 1-6).- 2.3 Chapter II Coordinated Cybersecurity Frameworks (Articles 7-13).- 2.4 Chapter III Cooperation at EU and International Level (Articles 14-19).- 2.5 Chapter IV Cybersecurity Risk-Management Measures and Reporting Obligations (Articles 20-25).- 2.6 Chapter VI Jurisdiction and Registration (Articles 26-28).- 2.7 Chapter VI Information Sharing (Articles 29-30).- 2.8 Chapter VII Supervision and Enforcement (Articles 31-37).- 2.9 Chapter VIII Delegated and Implementation Acts (Articles 38-39).- 2.10 Chapter IX Final Provisions (Articles 40-42).- 2.11 Annexes.- 2.12 Exercises.- 2.13 References.- Chapter 3 Application Domain Cybersecurity Activities.- 3.1 Risk-Management and Effectiveness Assessment of Risk-Management Measures.- 3.1.1 Risk Identification and Documentation.- 3.1.2 Risk Quantification and Documentation.- 3.1.3 Risk Assessment and Documentation.- 3.1.4 Cybersecurity and Data Risk-Management Approach.- 3.1.5 Contingency Planning as part of Risk-Governance.- 3.2 Cybersecurity Frameworks and Criteria.- 3.2.1 NIST Cybersecurity Framework (NIST CSF).- 3.2.1.1 NIST CSF Core Functions.- 3.2.1.2 NIST CSF Profiles.- 3.2.1.3 NIST CSF Tiers.- 3.2.3 MITRE ATT & CK.- 3.2.3.1 MITRE ATT & CK Model.- 3.2.4 CIS Critical Security Controls.- 3.2.5 ISO/IEC 27 K.- 3.2.6 Difference between NIS CSF and ISO/IEC 27K.- 3.2.7 Maturity Models after ISO 9004:2008/2015.- 3.3 Cybersecurity Maturity Model (CMM, CMMI): A Behavior and Process Model.- 3.3.1 Classification of Capability- and Maturity Models.- 3.4 Exercises.- 3.5 References.- Chapter 4 Application Domain Network and Information Security.- 4.1 Network and Information Security (NIS2).- 4.2 Compliance and Regulatory Pressure.- 4.3 Liability.- 4.4 NIS2 Article 21.2.- 4.4.1 Mandatory Cybersecurity Measures.- 4.4.2 Standards in Cybersecurity Risk-Management.- 4.5 Preparing for NIS2.- 4.6 Business Continuity Plan (BCP).- 4.6.1 BCP Component Risk and Impact Analysis.- 4.6.2 BCP Component Recovery Schedule.- 4.6.2.1 Recovery Point Objective (RPO).- 4.6.2.2 Recovery Time Objective (RTO).- 4.6.2.3 Maximum Tolerable Downtime (MtD).- 4.7 Emergency Communication Plan (ECOP).- 4.7.1 Important to do ́s for ECOP – A Cookbook.- 4.7.2 ECOP Topics BCM, RPO, RTO, MtD.- 4.7.3 Summarizing ECOP Action Needs.- 4.8 Exercises.- 4.9 References.- Chapter 5 EU Network and Information Security Directive (NIS2).- Conclustions.