Librería Portfolio

Features

Presents the concepts of ICT audit and control
Shows how to create a verifiable audit-based control structure that will ensure comprehensive security for systems and data
Explains how to establish systematic control and reporting procedures within a standard organizational framework and build auditable trust into the security of ICT operations
Defines a complete and correct set of control objectives along with monitoring and reporting systems
Discusses a formally defined and implemented infrastructure of best practices aimed specifically at optimizing the coordination and control of the security function
Summary

The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations.

The book is based on the belief that ICT operation is a strategic governance issue rather than a technical concern. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of ICT governance and enterprise-wide frameworks to guide the implementation of integrated security controls are critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats.

The ICT governance and control process establishes a complete and correct set of managerial and technical control behaviors that ensures reliable monitoring and control of ICT operations. The body of knowledge for doing that is explained in this text. This body of knowledge process applies to all operational aspects of ICT responsibilities ranging from upper management policy making and planning, all the way down to basic technology operation.



Table of Contents

Why Cybersecurity Management Is Important
Computing and Culture Shock
Chapter Summary
Key Concepts
Key Terms
References

Control-Based Information Governance, What It Is and How It Works
The Value of Formal Control
Chapter Summary
Key Concepts
Key Terms
References

A Survey of Control Frameworks, General Structure, and Application
What Is Information Security Governance?
IT Governance Frameworks-An Overview
IT Security Controls
Chapter Summary
Key Terms
References

What Are Controls and Why Are They Important?
Picking Up Where Chapter 1 Left Off
Goal-Based Security Controls
Implementation-Based Security Controls
The Security Control Formulation and Development Process
Setting the Stage for Control Implementation through Security Architecture Design
Chapter Summary
Key Terms
References

Implementing a Multitiered Governance and Control Framework in a Business
Constructing Practical Systems of Controls
Practical Implementation: How to Establish a Real, Working Control Framework
Ensuring Long-Term Control Capability
Chapter Summary
Key Concepts
Key Terms
References

Risk Management and Prioritization Using a Control Perspective
Ensuring that Risk Management Process Supports the Organization
The Five Elements of the Risk Management Process
Chapter Summary
Key Concepts
Key Terms

Control Formulation and Implementation Process
The Control Formulation Process
Creating and Documenting Control Objectives
Creating a Management-Level Control Process
Assessing Control Performance
Measurement-Based Assurance of Controls
Assessing and Remediating the Control Environment
Developing a Comprehensive ICT Control Program
Chapter Summary
Key Concepts
Key Terms

Security Control Validation and Verification
Security Control Assessment Fundamentals
NIST Security Control Assessment Process
Control Testing and Examination Application
Chapter Summary
Key Terms
References

Control Framework Sustainment and Security of Operations
Operational Control Assurance: Aligning Purpose with Practice
Operational Assurance (Sensing)
Analysis
Response Management (Responding)
Operational Oversight and Infrastructure Assurance of Control Set Integrity
Chapter Summary
Key Concepts
Key Terms