Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Cover
Title
Copyright
Contents
Part 1: Introduction
Chapter 1: The threat landscape
Chapter 2: Information and cyber security
Chapter 3: Cyber resilience
Chapter 4: Regulatory and contractual requirements
4.1 International data privacy laws
4.2 Cyber security requirements for critical infrastructure
4.3 Contractual requirements
Chapter 5: Implementing cyber security
5.1 Making trade-offs
5.2 Three security pillars
5.3 The IT Governance Cyber Resilience Framework (CRF)
5.4 Structure of the book
Part 2: Threats and vulnerabilities
Chapter 6: The anatomy of threats
Chapter 7: Technical threats
7.1 The attackers
7.2 Malware
7.3 Technical threat example: TalkTalk data breach
Chapter 8: Human threats
8.1 Staff awareness
8.2 Social engineering
8.3 Remote working
8.4 Human threat example: WannaCry
Chapter 9: Physical threats
9.1 Physical entry threats
9.2 Physical security and mobile devices
9.3 Environmental threats
9.4 Physical threat example: KVM attacks
Chapter 10: Third-party threats
10.1 Supply chain threats
10.2 Third-party threat example: Target data breach
Part 3: The CRF processes
Chapter 11: An overview of the CRF processes
Chapter 12: Manage and protect
12.1 Asset management
12.2 Information security policies
12.3 Physical and environmental security
12.4 Identity and access control
12.5 Malware protection
12.6 Configuration and patch management
12.7 Encryption
12.8 System security
12.9 Network and communications security
12.10 Security competence and training
12.11 Staff awareness training
12.12 Comprehensive risk management programme
12.13 Supply chain risk management
Chapter 13: Identify and detect
13.1 Threat and vulnerability intelligence
13.2 Security monitoring
Chapter 14: Respond and recover
14.1 Incident response management
14.2 ICT continuity management
14.3 Business continuity management
Chapter 15: Govern and assure
15.1 Formal information security management programme
15.2 Continual improvement process
15.3 Board-level commitment and involvement
15.4 Governance structure and processes
15.5 Internal audit
15.6 External certification/validation
Chapter 16: Maturity levels
16.1 Determining the level of maturity to aim for
Part 4: Eight steps to implementing cyber security
Chapter 17: Introducing the IT Governance eight-step approach
Chapter 18: Step 1 – Start the project
18.1 Project mandate
18.2 Project team
18.3 Project leadership
Chapter 19: Step 2 – Determine requirements and objectives
19.1 Project vs cyber security objectives
Chapter 20: Step 3 – Determine the scope
Chapter 21: Step 4 – Define current and ideal target states
Using the CRF
Gap analysis
Chapter 22: Step 5 – Establish a continual improvement model
Chapter 23: Step 6 – Conduct a risk assessment
Chapter 24: Step 7 – Select and implement controls
Chapter 25: Step 8 – Measure and review performance
25.1 Continual improvement
25.2 Management review
Part 5: Reference frameworks
Chapter 26: Why you should consider reference frameworks
26.1 Standard types
26.2 Certification benefits
Chapter 27: Core
27.1 Cyber Essentials
27.2 CRF alignment
Chapter 28: Baseline
28.1 NIST CSF
28.2 ISO 27001
28.3 CRF alignment
Chapter 29: Extended
29.1 ISO 22301 – BCM
29.2 ISO 27017 – Cloud security
29.3 ISO 27035 – Information security incident management
29.4 ISO 27036 – Information security in the supply chain
29.5 ISO 27701 – Privacy management
29.6 CRF alignment
Chapter 30: Embedded
30.1 COBIT®
30.2 ISO 27014
30.3 CRF alignment
Part 6: Conclusion and appendices
Chapter 31: Conclusion
Appendix 1: IT and information asset checklist
Appendix 2: Template outline project plan
Appendix 3: Glossary of acronyms and abbreviations
GRC International Group resources
Publishing services
GRC International Group cyber security services
Cyber security training and staff awareness
Professional services and consultancy
Newsletter
← Prev
Back
Next →
← Prev
Back
Next →