Description: Developing Cybersecurity Programs and Policies in an AI-Driven World by Omar Santos ALL THE KNOWLEDGE YOU NEED TO BUILD CYBERSECURITY PROGRAMS AND POLICIES THAT WORK Clearly presents best practices, governance frameworks, and key standards Includes focused coverage of healthcare, finance, and PCI DSS compliance An essential and invaluable guide for leaders, managers, and technical professionals Today, cyberattacks can place entire organizations at risk. Cybersecurity can no longer be delegated to specialists: Success requires everyone to work together, from leaders on down. Developing Cybersecurity Programs and Policies in an AI-Driven World offers start-to-finish guidance for establishing effective cybersecurity in any organization. Drawing on more than two decades of real-world experience, Omar Santos presents realistic best practices for defining policy and governance, ensuring compliance, and collaborating to harden the entire organization. Santos begins by outlining the process of formulating actionable cybersecurity policies and creating a governance framework to support these policies. He then delves into various aspects of risk management, including strategies for asset management and data loss prevention, illustrating how to integrate various organizational functions—from HR to physical security—to enhance overall protection. This book covers many case studies and best practices for safeguarding communications, operations, and access; alongside strategies for the responsible acquisition, development, and maintenance of technology. It also discusses effective responses to security incidents. Santos provides a detailed examination of compliance requirements in different sectors and the NIST Cybersecurity Framework. LEARN HOW TO Establish cybersecurity policies and governance that serve your organizations needsIntegrate cybersecurity program components into a coherent framework for actionAssess, prioritize, and manage security risk throughout the organizationManage assets and prevent data lossWork with HR to address human factors in cybersecurityHarden your facilities and physical environmentDesign effective policies for securing communications, operations, and accessStrengthen security throughout AI-driven deploymentsPlan for quick, effective incident response and ensure business continuityComply with rigorous regulations in finance and healthcareLearn about the NIST AI Risk Framework and how to protect AI implementationsExplore and apply the guidance provided by the NIST Cybersecurity Framework FORMAT Paperback LANGUAGE English CONDITION Brand New Author Biography Omar Santos is a Distinguished Engineer at Cisco, focusing on artificial intelligence (AI) security, cybersecurity research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omars collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the co-founder of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee. Omar is the author of more than 25 books, 21 video courses, and more than 50 academic research papers. He is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs. Prior to working for Cisco, Omar served in the U.S. Marines, focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer and Intelligence (C4I) systems. You can find Omar at: X: @santosomar LinkedIn: Table of Contents Introduction xviii Chapter 1: Understanding Cybersecurity Policy and Governance 2 Information Security vs. Cybersecurity Policies.. . . . . . . . . . . . . . . . 6 Looking at Policy Through the Ages.. . . . . . . . . . . . . . . . . . . . 6 Cybersecurity Policy.. . . . . . . . . . . . . . . . . . . . . . . . . . 10 Cybersecurity Policy Life Cycle.. . . . . . . . . . . . . . . . . . . . . . 28 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Chapter 2: Cybersecurity Policy Organization, Format, and Styles 46 Policy Hierarchy.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Writing Style and Technique.. . . . . . . . . . . . . . . . . . . . . . . 51 Plain Language Techniques for Policy Writing.. . . . . . . . . . 53 Policy Format.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Chapter 3: Cybersecurity Frameworks 80 Confidentiality, Integrity, and Availability (CIA). . . . . . . . . . . . . . . . 81 What Is a Cybersecurity Framework?.. . . . . . . . . . . . . . . . . . . 94 NIST Cybersecurity Framework.. . . . . . . . . . . . . . . . . . . . . 110 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Chapter 4: Cloud Security 132 Why Cloud Computing?.. . . . . . . . . . . . . . . . . . . . . . . . 133 Cloud Computing Models.. . . . . . . . . . . . . . . . . . . . . . . . 139 Cloud Governance. . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Multitenancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Core Components of the Cloud Computing Reference Architecture.. . . . . . 151 Key Concepts and Functional Layers of Cloud Computing. . . . . . . . . . 152 Understanding Top Cybersecurity Risks in Cloud Computing. . . . . . . . . 153 AI and the Cloud: Revolutionizing the Future of Computing.. . . . . . . . . . 166 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Chapter 5: Governance and Risk Management 176 Understanding Cybersecurity Policies. . . . . . . . . . . . . . . . . . . 177 Cybersecurity Risk. . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Chapter 6: Asset Management and Data Loss Prevention 220 Information Assets and Systems.. . . . . . . . . . . . . . . . . . . . . 221 Information Classification.. . . . . . . . . . . . . . . . . . . . . . . . 224 Labeling and Handling Standards.. . . . . . . . . . . . . . . . . . . . 233 Information Systems Inventory.. . . . . . . . . . . . . . . . . . . . . . 236 Understanding Data Loss Prevention Technologies.. . . . . . . . . . . . . 242 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Chapter 7: Human Resources Security and Education 256 The Employee Life Cycle. . . . . . . . . . . . . . . . . . . . . . . . 257 The Importance of Employee Agreements.. . . . . . . . . . . . . . . . . 269 The Importance of Security Education and Training. . . . . . . . . . . . . 272 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Chapter 8: Physical and Environmental Security 290 Understanding the Secure Facility Layered Defense Model.. . . . . . . . . . 292 Protecting Equipment.. . . . . . . . . . . . . . . . . . . . . . . . . 299 Environmental Sustainability. . . . . . . . . . . . . . . . . . . . . . . 308 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 Chapter 9: Cybersecurity Operations (CyberOps), Incident Response, Digital Forensics, and Threat Hunting 320 Incident Response.. . . . . . . . . . . . . . . . . . . . . . . . . . . 321 What Happened? Investigation and Evidence Handling.. . . . . . . . . . . 349 Understanding Threat Hunting.. . . . . . . . . . . . . . . . . . . . . . 351 Understanding Digital Forensic Analysis.. . . . . . . . . . . . . . . . . . 357 Data Breach Notification Requirements. . . . . . . . . . . . . . . . . . 360 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Chapter 10: Access Control Management 384 Access Control Fundamentals.. . . . . . . . . . . . . . . . . . . . . . 385 Infrastructure Access Controls.. . . . . . . . . . . . . . . . . . . . . . 399 User Access Controls.. . . . . . . . . . . . . . . . . . . . . . . . . 416 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Chapter 11: Supply Chain Security, Information Systems Acquisition, Development, and Maintenance 434 Strengthening the Links: A Deep Dive into Supply Chain Security.. . . . . . . 435 System Security Requirements.. . . . . . . . . . . . . . . . . . . . . 441 Secure Code.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448 Cryptography.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 Chapter 12: Business Continuity Management 474 Emergency Preparedness.. . . . . . . . . . . . . . . . . . . . . . . . 475 Business Continuity Risk Management.. . . . . . . . . . . . . . . . . . 479 The Business Continuity Plan.. . . . . . . . . . . . . . . . . . . . . . 485 Business Continuity and Disaster Recovery in Cloud Services.. . . . . . . . . 493 Plan Testing and Maintenance.. . . . . . . . . . . . . . . . . . . . . . 500 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504 Chapter 13: Regulatory Compliance for Financial Institutions 514 The Gramm-Leach-Bliley Act.. . . . . . . . . . . . . . . . . . . . . . 515 New Yorks Department of Financial Services Cybersecurity Regulation.. . . . . 533 What Is a Regulatory Examination?.. . . . . . . . . . . . . . . . . . . . 535 Personal and Corporate Identity Theft. . . . . . . . . . . . . . . . . . . 537 Regulation of Fintech, Digital Assets, and Cryptocurrencies. . . . . . . . . . 540 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542 Chapter 14: Regulatory Compliance for the Health-care Sector 556 The HIPAA Security Rule. . . . . . . . . . . . . . . . . . . . . . . . 558 The HITECH Act and the Omnibus Rule.. . . . . . . . . . . . . . . . . . 581 Understanding the HIPAA Compliance Enforcement Process. . . . . . . . . 586 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588 Chapter 15: PCI Compliance for Merchants 600 Protecting Cardholder Data.. . . . . . . . . . . . . . . . . . . . . . . 601 PCI Compliance.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 616 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623 Chapter 16: Privacy in an AI-Driven Landscape 634 Defining Privacy in the Digital Context. . . . . . . . . . . . . . . . . . . 635 The Interplay Between AI and Privacy.. . . . . . . . . . . . . . . . . . . 636 General Data Protection Regulation (GDPR).. . . . . . . . . . . . . . . . 637 California Consumer Privacy Act (CCPA). . . . . . . . . . . . . . . . . . 640 Personal Information Protection and Electronic Documents Act (PIPEDA).. . . . 641 Data Protection Act 2018 in the United Kingdom.. . . . . . . . . . . . . . 643 Leveraging AI to Enhance Privacy Protections.. . . . . . . . . . . . . . . 645 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647 Chapter 17: Artificial Intelligence Governance and Regulations 652 The AI Double-Edged Sword.. . . . . . . . . . . . . . . . . . . . . . 653 Generative AI, LLMs, and Traditional Machine Learning Implementations. . . . 653 Introduction to AI Governance.. . . . . . . . . . . . . . . . . . . . . . 654 The U.S. Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.. . . . . . . . . . . . . . . 655 The Importance of High Accuracy and Precision in AI Systems.. . . . . . . . 661 Explainable AI (XAI): Building Trust and Understanding.. . . . . . . . . . . . 663 Government and Society-wide Approaches to AI Governance.. . . . . . . . . 665 The EU AI Act. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667 Guidelines for Secure AI System Development.. . . . . . . . . . . . . . . 670 OWASP Top 10 Risks for LLM.. . . . . . . . . . . . . . . . . . . . . . 674 MITRE ATLAS Framework. . . . . . . . . . . . . . . . . . . . . . . . 683 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684 Appendix A: Answers to the Multiple Choice Questions 696 978138074104, TOC, 6/18/2024 Feature The in-depth, up-to-the-minute guide to information security policy for every practitioner and advanced student Learn how to establish a cybersecurity program and governance in your organization Familiarize yourself with cybersecurity best practices, governance frameworks, and key standards Understand how to implement appropriate security controls in the cloud Focused coverage of healthcare, finance, and PCI DSS compliance New Feature The latest version of Developing Cybersecurity Programs and Policies. Details ISBN0138074100 Author Omar Santos Language English Edition 4th ISBN-10 0138074100 ISBN-13 9780138074104 Format Paperback DEWEY 005.8 Publisher Pearson Education (US) Place of Publication Upper Saddle River Country of Publication United States Series Pearson IT Cybersecurity Curriculum (ITCC) Edited by Andrzej Wieckowski Birth 1958 Affiliation University of Kentucky Position Author Qualifications Stackpole Military History Series Editor Imprint Pearson IT Certification AU Release Date 2023-10-05 NZ Release Date 2023-10-05 UK Release Date 2023-10-05 Edition Description 4th edition Replaces 9780789759405 Audience Professional & Vocational Pages 768 Year 2024 Publication Date 2024-09-19 US Release Date 2024-09-19 We've got this At The Nile, if you're looking for it, we've got it. With fast shipping, low prices, friendly service and well over a million items - you're bound to find what you want, at a price you'll love! TheNile_Item_ID:161515745;
Price: 159.37 AUD
Location: Melbourne
End Time: 2024-11-19T13:52:00.000Z
Shipping Cost: 0 AUD
Product Images
Item Specifics
Restocking fee: No
Return shipping will be paid by: Buyer
Returns Accepted: Returns Accepted
Item must be returned within: 30 Days
Format: Paperback
Language: English
ISBN-13: 9780138074104
Author: Omar Santos
Type: NA
Book Title: Developing Cybersecurity Programs and Policies in an AI-Driven Wo
Publication Name: NA
