SØG - mellem flere end 8 millioner bøger:

Søg på: Titel, forfatter, forlag - gerne i kombination.
Eller blot på isbn, hvis du kender dette.
Hjælp

Viser: Developing Cybersecurity Programs and Policies in an AI-Driven World

Developing Cybersecurity Programs and Policies in an AI-Driven World, 4. udgave

Developing Cybersecurity Programs and Policies in an AI-Driven World

Omar Santos
(2024)
Sprog: Engelsk
Cisco Press
616,00 kr.
ikke på lager, Bestil nu og få den leveret
om ca. 15 hverdage
Porto kan blive tilføjet, se takster her
Denne bog erstatter Developing Cybersecurity Programs and Policies, 3. udgave

Detaljer om varen

  • 4. Udgave
  • Paperback: 768 sider
  • Udgiver: Cisco Press (Juli 2024)
  • ISBN: 9780138074104

ALL THE KNOWLEDGE YOU NEED TO BUILD CYBERSECURITY PROGRAMS AND POLICIES THAT WORK

 

Clearly presents best practices, governance frameworks, and key standards

Includes focused coverage of healthcare, finance, and PCI DSS compliance

An essential and invaluable guide for leaders, managers, and technical professionals

 

Today, cyberattacks can place entire organizations at risk. Cybersecurity can no longer be delegated to specialists: Success requires everyone to work together, from leaders on down. Developing Cybersecurity Programs and Policies in an AI-Driven World offers start-to-finish guidance for establishing effective cybersecurity in any organization. Drawing on more than two decades of real-world experience, Omar Santos presents realistic best practices for defining policy and governance, ensuring compliance, and collaborating to harden the entire organization.

 

Santos begins by outlining the process of formulating actionable cybersecurity policies and creating a governance framework to support these policies. He then delves into various aspects of risk management, including strategies for asset management and data loss prevention, illustrating how to integrate various organizational functions--from HR to physical security--to enhance overall protection. This book covers many case studies and best practices for safeguarding communications, operations, and access; alongside strategies for the responsible acquisition, development, and maintenance of technology. It also discusses effective responses to security incidents. Santos provides a detailed examination of compliance requirements in different sectors and the NIST Cybersecurity Framework.

 

LEARN HOW TO

 

  • Establish cybersecurity policies and governance that serve your organization's needs
  • Integrate cybersecurity program components into a coherent framework for action
  • Assess, prioritize, and manage security risk throughout the organization
  • Manage assets and prevent data loss
  • Work with HR to address human factors in cybersecurity
  • Harden your facilities and physical environment
  • Design effective policies for securing communications, operations, and access
  • Strengthen security throughout AI-driven deployments
  • Plan for quick, effective incident response and ensure business continuity
  • Comply with rigorous regulations in finance and healthcare
  • Learn about the NIST AI Risk Framework and how to protect AI implementations
  • Explore and apply the guidance provided by the NIST Cybersecurity Framework

 

Introduction xviii
Chapter 1: Understanding Cybersecurity Policy and Governance 2 Information Security vs. Cybersecurity Policies..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 6 Looking at Policy Through the Ages..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 6 Cybersecurity Policy..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 10 Cybersecurity Policy Life Cycle..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 28 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 34
Chapter 2: Cybersecurity Policy Organization, Format, and Styles 46 Policy Hierarchy..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 47 Writing Style and Technique..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 51 Plain Language Techniques for Policy Writing..
.
.
.
.
.
.
.
.
. 53 Policy Format..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 56 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 69
Chapter 3: Cybersecurity Frameworks 80 Confidentiality, Integrity, and Availability (CIA).
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 81 What Is a Cybersecurity Framework?..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 94 NIST Cybersecurity Framework..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 110 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 118
Chapter 4: Cloud Security 132 Why Cloud Computing?..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 133 Cloud Computing Models..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 139 Cloud Governance.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 141 Multitenancy.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 150 Core Components of the Cloud Computing Reference Architecture..
.
.
.
.
. 151 Key Concepts and Functional Layers of Cloud Computing.
.
.
.
.
.
.
.
.
. 152 Understanding Top Cybersecurity Risks in Cloud Computing.
.
.
.
.
.
.
.
. 153 AI and the Cloud: Revolutionizing the Future of Computing..
.
.
.
.
.
.
.
.
. 166 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 168
Chapter 5: Governance and Risk Management 176 Understanding Cybersecurity Policies.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 177 Cybersecurity Risk.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 197 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 207
Chapter 6: Asset Management and Data Loss Prevention 220 Information Assets and Systems..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 221 Information Classification..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 224 Labeling and Handling Standards..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 233 Information Systems Inventory..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 236 Understanding Data Loss Prevention Technologies..
.
.
.
.
.
.
.
.
.
.
.
. 242 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 245
Chapter 7: Human Resources Security and Education 256 The Employee Life Cycle.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 257 The Importance of Employee Agreements..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 269 The Importance of Security Education and Training.
.
.
.
.
.
.
.
.
.
.
.
. 272 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 278
Chapter 8: Physical and Environmental Security 290 Understanding the Secure Facility Layered Defense Model..
.
.
.
.
.
.
.
.
. 292 Protecting Equipment..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 299 Environmental Sustainability.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 308 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 310
Chapter 9: Cybersecurity Operations (CyberOps), Incident Response, Digital Forensics, and Threat Hunting 320 Incident Response..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 321 What Happened? Investigation and Evidence Handling..
.
.
.
.
.
.
.
.
.
. 349 Understanding Threat Hunting..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 351 Understanding Digital Forensic Analysis..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 357 Data Breach Notification Requirements.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 360 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 368
Chapter 10: Access Control Management 384 Access Control Fundamentals..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 385 Infrastructure Access Controls..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 399 User Access Controls..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 416 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 422
Chapter 11: Supply Chain Security, Information Systems Acquisition, Development, and Maintenance 434 Strengthening the Links: A Deep Dive into Supply Chain Security..
.
.
.
.
.
. 435 System Security Requirements..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 441 Secure Code..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 448 Cryptography..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 453 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 462
Chapter 12: Business Continuity Management 474 Emergency Preparedness..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 475 Business Continuity Risk Management..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 479 The Business Continuity Plan..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 485 Business Continuity and Disaster Recovery in Cloud Services..
.
.
.
.
.
.
.
. 493 Plan Testing and Maintenance..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 500 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 504
Chapter 13: Regulatory Compliance for Financial Institutions 514 The Gramm-Leach-Bliley Act..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 515 New York''s Department of Financial Services Cybersecurity Regulation..
.
.
.
. 533 What Is a Regulatory Examination?..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 535 Personal and Corporate Identity Theft.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 537 Regulation of Fintech, Digital Assets, and Cryptocurrencies.
.
.
.
.
.
.
.
.
. 540 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 542
Chapter 14: Regulatory Compliance for the Health-care Sector 556 The HIPAA Security Rule.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 558 The HITECH Act and the Omnibus Rule..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 581 Understanding the HIPAA Compliance Enforcement Process.
.
.
.
.
.
.
.
. 586 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 588
Chapter 15: PCI Compliance for Merchants 600 Protecting Cardholder Data..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 601 PCI Compliance..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 616 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 623
Chapter 16: Privacy in an AI-Driven Landscape 634 Defining Privacy in the Digital Context.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 635 The Interplay Between AI and Privacy..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 636 General Data Protection Regulation (GDPR)..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 637 California Consumer Privacy Act (CCPA).
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 640 Personal Information Protection and Electronic Documents Act (PIPEDA)..
.
.
. 641 Data Protection Act 2018 in the United Kingdom..
.
.
.
.
.
.
.
.
.
.
.
.
. 643 Leveraging AI to Enhance Privacy Protections..
.
.
.
.
.
.
.
.
.
.
.
.
.
. 645 Summary..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 647
Chapter 17: Artificial Intelligence Governance and Regulations 652 The AI Double-Edged Sword..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 653 Generative AI, LLMs, and Traditional Machine Learning Implementations.
.
.
. 653 Introduction to AI Governance..
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 654 The U.S. Executive Order on the Safe, Secure, and Trustworthy Development and Use of
De oplyste priser er inkl. moms
Om Polyteknisk Boghandel
Vore forlag
Kontakt
Medarbejdere 
Om returret
Butikker og åbningstid
Handler du som firma
Forretningsbetingelser
Porto og forsendelse
Data & cookiepolitik 
Find pensumliste
FAQ for studerende
Pensumlistegaranti 
Sortiment og levering
Kompendier(for undervisere)
E-mærke certificeret
Trustpilot = Fremragende
Polyteknisk Boghandel og Forlag A/S - Anker Engelundsvej 1 - 2800 Lyngby
Tlf 77 42 43 44 - email poly@polyteknisk.dk - CVR 34072655 - Sydbank Reg: 6748 Konto 0001107927

Polyteknisk Boghandel

har gennem mere end 50 år været studieboghandlen på DTU og en af Danmarks førende specialister i faglitteratur.

 

Vi lagerfører et bredt udvalg af bøger, ikke bare inden for videnskab og teknik, men også f.eks. ledelse, IT og meget andet.

Læs mere her


Fysisk eller digital bog?

Ud over trykte bøger tilbyder vi tre forskellige typer af digitale bøger:

 

Vital Source Bookshelf: En velfungerende ebogsplatform, hvor bogen downloades til din computer og/eller mobile enhed.

 

Du skal bruge den gratis Bookshelf software til at læse læse bøgerne - der er indbygget gode værktøjer til f.eks. søgning, overstregning, notetagning mv. I langt de fleste tilfælde vil du samtidig have en sideløbende 1825 dages online adgang. Læs mere om Vital Source bøger

 

Levering: I forbindelse med købet opretter du et login. Når du har installeret Bookshelf softwaren, logger du blot ind og din bog downloades automatisk.

 

 

Adobe ebog: Dette er Adobe DRM ebøger som downloades til din lokale computer eller mobil enhed.

 

For at læse bøgerne kræves særlig software, som understøtter denne type. Softwaren er gratis, men du bør sikre at du har rettigheder til installere software på den maskine du påtænker at anvende den på. Læs mere om Adobe DRM bøger

 

Levering: Et download link sendes pr email umiddelbart efter købet.

 


Ibog: Dette er en online bog som kan læses på udgiverens website. 

Der kræves ikke særlig software, bogen læses i en almindelig browser.

 

Levering: Vores medarbejder sender dig en adgangsnøgle pr email.

 

Vi gør opmærksom på at der ikke er retur/fortrydelsesret på digitale varer.