Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying A CISO Guide to Cyber Resilience
  • Table Of Contents Toc
  • Feedback & Rating feedback
A CISO Guide to Cyber Resilience

A CISO Guide to Cyber Resilience

By : Debra Baker
5 (12)
Buy this Book
close
close
A CISO Guide to Cyber Resilience

A CISO Guide to Cyber Resilience

5 (12)
By: Debra Baker
Buy this Book

Overview of this book

This book, written by the CEO of TrustedCISO with 30+ years of experience, guides CISOs in fortifying organizational defenses and safeguarding sensitive data. Analyze a ransomware attack on a fictional company, BigCo, and learn fundamental security policies and controls. With its help, you’ll gain actionable skills and insights suitable for various expertise levels, from basic to intermediate. You’ll also explore advanced concepts such as zero-trust, managed detection and response, security baselines, data and asset classification, and the integration of AI and cybersecurity. By the end, you'll be equipped to build, manage, and improve a resilient cybersecurity program, ensuring your organization remains protected against evolving threats.
Table of Contents (20 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
Free Chapter
1
Part 1: Attack on BigCo
Icon
Part 1: Attack on BigCo
2
Chapter 1: The Attack on BigCo
Icon
Chapter 1: The Attack on BigCo
Icon
BigCo – the attack
Icon
BigCo – cross-team co-ordination
Icon
Summary
3
Part 2: Security Resilience: Getting the Basics Down
Icon
Part 2: Security Resilience: Getting the Basics Down
4
Chapter 2: Identity and Access Management
Icon
Chapter 2: Identity and Access Management
Icon
Two-factor authentication and why you need it
Icon
Password complexity and NIST 800-63-3B
Icon
Password manager
Icon
Quick reference
Icon
Summary
5
Chapter 3: Security Policies
Icon
Chapter 3: Security Policies
Icon
Where are your policies, and are they being used?
Icon
Compliance begins with laws and regulations
Icon
Importance of Due diligence
Icon
Summary
6
Chapter 4: Security and Risk Management
Icon
Chapter 4: Security and Risk Management
Icon
What is risk management?
Icon
Identifying risks
Icon
Monitoring your controls
Icon
Key performance indicators (KPIs)
Icon
Quick reference
Icon
Summary
7
Chapter 5: Securing Your Endpoints
chevron up
Icon
Chapter 5: Securing Your Endpoints
Icon
Antivirus/anti-malware
Icon
Virtual private network (VPN)
Icon
Moving to remote work
Icon
Testing your home firewall
Icon
Network access control (NAC) and Zero Trust
Icon
Application firewall
Icon
Securing your browser
Icon
Turning on your application firewall
Icon
Okta hack
Icon
Summary
8
Chapter 6: Data Safeguarding
Icon
Chapter 6: Data Safeguarding
Icon
Offline backups
Icon
Testing your backups
Icon
Cryptographic hashing
Icon
Availability in the cloud
Icon
Business continuity
Icon
Disaster recovery
Icon
Summary
9
Chapter 7: Security Awareness Culture
Icon
Chapter 7: Security Awareness Culture
Icon
Security awareness training is foundational
Icon
Security is everyone’s responsibility
Icon
Security awareness training is mandatory and tracked
10
Chapter 8: Vulnerability Management
Icon
Chapter 8: Vulnerability Management
Icon
What are software vulnerabilities?
Icon
Prioritizing your remediations
Icon
Securing your code
Icon
Summary
11
Chapter 9: Asset Inventory
Icon
Chapter 9: Asset Inventory
Icon
Asset inventory
Icon
Change management
Icon
Mobile device management (MDM)
Icon
Knowing your network
Icon
Summary
12
Chapter 10: Data Protection
Icon
Chapter 10: Data Protection
Icon
Encrypt your data!
Icon
What is PII? It depends…
Icon
Third-party risk management
Icon
Summary
13
Part 3: Security Resilience: Taking Your Security Program to the Next Level
Icon
Part 3: Security Resilience: Taking Your Security Program to the Next Level
14
Chapter 11: Taking Your Endpoint Security to the Next Level
Icon
Chapter 11: Taking Your Endpoint Security to the Next Level
Icon
Endpoint detection and response (EDR) – Focusing on the “R”
Icon
Managed detection and response (MDR)
Icon
Extended detection and response (XDR)
Icon
Cloud security posture management (CSPM)/Cloud-native application protection program (CNAPP)
Icon
Zero trust vs. software-defined perimeter
Icon
Summary
15
Chapter 12: Secure Configuration Baseline
Icon
Chapter 12: Secure Configuration Baseline
Icon
Security baseline
Icon
System and Organizational Controls (SOC) 2
Icon
Creating your security baseline
Icon
Summary
16
Chapter 13: Classify Your Data and Assets
Icon
Chapter 13: Classify Your Data and Assets
Icon
Start with your data
Icon
Classifying your assets
Icon
Monitoring
Icon
Subnetting
Icon
Segmentation
Icon
Summary
17
Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI)
Icon
Chapter 14: Cyber Resilience in the Age of Artificial Intelligence (AI)
Icon
ChatGPT
Icon
What is responsible AI?
Icon
Secure AI framework (SAIF)
Icon
AI and cybersecurity – The good, the bad, and the ugly
Icon
AI bias
Icon
NIST AI RMF
Icon
Summary
18
Index
Icon
Index
Icon
Why subscribe?
19
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Okta hack

The Okta hack was one of the biggest hacks of 2022. A tweet was sent on Twitter where the LAPSUS$ hacker group was bragging that they had hacked Okta. The tweets included screenshots of a customer support engineer’s computer:

Figure 5.1 ‒ LAPSUS$ announcing they had hacked Okta

Figure 5.1 ‒ LAPSUS$ announcing they had hacked Okta

Within the screenshots was a picture of the hacker logged in as a Cloudflare employee.

I was a CISO at this point, and someone at my company forwarded the tweets to me. Twitter (or X, as it is now called) is a good place to stay up on all of the latest hacks since hackers will brag on X. Also, there is a great number of cybersecurity researchers who post information on the site. If your company has an incident, then you need to do a write-up of the incident, detailing how you found out about it and the steps you took to address it. When there is an active incident at your company, you need to create a Tiger team or IR interim working group to focus on...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 10
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY