Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying A CISO Guide to Cyber Resilience
  • Table Of Contents Toc
  • Feedback & Rating feedback
A CISO Guide to Cyber Resilience

A CISO Guide to Cyber Resilience

By : Debra Baker
5 (12)
Buy this Book
close
close
A CISO Guide to Cyber Resilience

A CISO Guide to Cyber Resilience

5 (12)
By: Debra Baker
Buy this Book

Overview of this book

This book, written by the CEO of TrustedCISO with 30+ years of experience, guides CISOs in fortifying organizational defenses and safeguarding sensitive data. Analyze a ransomware attack on a fictional company, BigCo, and learn fundamental security policies and controls. With its help, you’ll gain actionable skills and insights suitable for various expertise levels, from basic to intermediate. You’ll also explore advanced concepts such as zero-trust, managed detection and response, security baselines, data and asset classification, and the integration of AI and cybersecurity. By the end, you'll be equipped to build, manage, and improve a resilient cybersecurity program, ensuring your organization remains protected against evolving threats.
Table of Contents (20 chapters)
close
close
Preface
In Progress | 0 / 9 sections completed | 0%
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
Free Chapter
1
Part 1: Attack on BigCo
In Progress | 0 / 1 sections completed | 0%
Icon
Part 1: Attack on BigCo
2
Chapter 1: The Attack on BigCo
In Progress | 0 / 4 sections completed | 0%
Icon
Chapter 1: The Attack on BigCo
Icon
BigCo – the attack
Icon
BigCo – cross-team co-ordination
Icon
Summary
3
Part 2: Security Resilience: Getting the Basics Down
In Progress | 0 / 1 sections completed | 0%
Icon
Part 2: Security Resilience: Getting the Basics Down
4
Chapter 2: Identity and Access Management
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 2: Identity and Access Management
Icon
Two-factor authentication and why you need it
Icon
Password complexity and NIST 800-63-3B
Icon
Password manager
Icon
Quick reference
Icon
Summary
5
Chapter 3: Security Policies
In Progress | 0 / 5 sections completed | 0%
Icon
Chapter 3: Security Policies
Icon
Where are your policies, and are they being used?
Icon
Compliance begins with laws and regulations
Icon
Importance of Due diligence
Icon
Summary
6
Chapter 4: Security and Risk Management
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 4: Security and Risk Management
Icon
What is risk management?
Icon
Identifying risks
Icon
Monitoring your controls
Icon
Key performance indicators (KPIs)
Icon
Quick reference
Icon
Summary
7
Chapter 5: Securing Your Endpoints
In Progress | 0 / 11 sections completed | 0%
Icon
Chapter 5: Securing Your Endpoints
Icon
Antivirus/anti-malware
Icon
Virtual private network (VPN)
Icon
Moving to remote work
Icon
Testing your home firewall
Icon
Network access control (NAC) and Zero Trust
Icon
Application firewall
Icon
Securing your browser
Icon
Turning on your application firewall
Icon
Okta hack
Icon
Summary
8
Chapter 6: Data Safeguarding
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 6: Data Safeguarding
Icon
Offline backups
Icon
Testing your backups
Icon
Cryptographic hashing
Icon
Availability in the cloud
Icon
Business continuity
Icon
Disaster recovery
Icon
Summary
9
Chapter 7: Security Awareness Culture
In Progress | 0 / 4 sections completed | 0%
Icon
Chapter 7: Security Awareness Culture
Icon
Security awareness training is foundational
Icon
Security is everyone’s responsibility
Icon
Security awareness training is mandatory and tracked
10
Chapter 8: Vulnerability Management
In Progress | 0 / 5 sections completed | 0%
chevron up
Icon
Chapter 8: Vulnerability Management
Icon
What are software vulnerabilities?
Icon
Prioritizing your remediations
Icon
Securing your code
Icon
Summary
11
Chapter 9: Asset Inventory
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 9: Asset Inventory
Icon
Asset inventory
Icon
Change management
Icon
Mobile device management (MDM)
Icon
Knowing your network
Icon
Summary
12
Chapter 10: Data Protection
In Progress | 0 / 5 sections completed | 0%
Icon
Chapter 10: Data Protection
Icon
Encrypt your data!
Icon
What is PII? It depends…
Icon
Third-party risk management
Icon
Summary
13
Part 3: Security Resilience: Taking Your Security Program to the Next Level
In Progress | 0 / 1 sections completed | 0%
Icon
Part 3: Security Resilience: Taking Your Security Program to the Next Level
14
Chapter 11: Taking Your Endpoint Security to the Next Level
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 11: Taking Your Endpoint Security to the Next Level
Icon
Endpoint detection and response (EDR) – Focusing on the “R”
Icon
Managed detection and response (MDR)
Icon
Extended detection and response (XDR)
Icon
Cloud security posture management (CSPM)/Cloud-native application protection program (CNAPP)
Icon
Zero trust vs. software-defined perimeter
Icon
Summary
15
Chapter 12: Secure Configuration Baseline
In Progress | 0 / 5 sections completed | 0%
Icon
Chapter 12: Secure Configuration Baseline
Icon
Security baseline
Icon
System and Organizational Controls (SOC) 2
Icon
Creating your security baseline
Icon
Summary
16
Chapter 13: Classify Your Data and Assets
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 13: Classify Your Data and Assets
Icon
Start with your data
Icon
Classifying your assets
Icon
Monitoring
Icon
Subnetting
Icon
Segmentation
Icon
Summary
17
Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI)
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI)
Icon
ChatGPT
Icon
What is responsible AI?
Icon
Secure AI framework (SAIF)
Icon
AI and cybersecurity – The good, the bad, and the ugly
Icon
AI bias
Icon
NIST AI RMF
Icon
Summary
18
Index
In Progress | 0 / 2 sections completed | 0%
Icon
Index
Icon
Why subscribe?
19
Other Books You May Enjoy
In Progress | 0 / 4 sections completed | 0%
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Prioritizing your remediations

Vulnerability prioritization is the only way to properly deal with the enormous number of vulnerabilities that are published on a daily basis. Just because a CVE is rated as a 10 doesn’t necessarily mean that it is the highest priority to remediate at your company. I know this seems counter-intuitive, but there are several factors you need to take into account when prioritizing vulnerabilities:

  • CISA’s KEV Catalog
  • CVSS metrics:
    • Attack Vector
    • Attack Complexity
    • Privileges Required
  • CVE score

CISA’s KEV Catalog

CISA created a known exploited vulnerability catalog that is invaluable when deciding which vulnerabilities to patch and by when. Essentially, when it’s discovered that hackers are exploiting a specific vulnerability, CISA will add it to the catalog with a due date. As you can see in Figure 8.3, CISA has the CVE ID, vendor, description, action to take, and due date. The due date is critical and needs...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 3
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY