LEADER 07345nam 22007575 450 001 9910300637303321 005 20210302190716.0 024 7 $a10.1007/978-1-4302-6083-7 035 $a(CKB)2670000000618779 035 $a(EBL)3566513 035 $a(SSID)ssj0001501460 035 $a(PQKBManifestationID)11968024 035 $a(PQKBTitleCode)TC0001501460 035 $a(PQKBWorkID)11524699 035 $a(PQKB)10633747 035 $a(DE-He213)978-1-4302-6083-7 035 $a(MiAaPQ)EBC3566513 035 $a(CaSebORM)9781430260837 035 $a(PPN)186024703 035 $a(OCoLC)911430840 035 $a(OCoLC)ocn911430840 035 $a(EXLCZ)992670000000618779 100 $a20150523d2015 u| 0 101 0 $aeng 135 $aur|n|---||||| 181 $ctxt 182 $cc 183 $acr 200 10$aEnterprise Cybersecurity $eHow to Build a Successful Cyberdefense Program Against Advanced Threats /$fby Scott Donaldson, Stanley Siegel, Chris K. Williams, Abdul Aslam 205 $a1st ed. 2015. 210 1$aBerkeley, CA :$cApress :$cImprint: Apress,$d2015. 215 $a1 online resource (508 p.) 225 0 $aExpert's Voice in Cybersecurity 300 $aDescription based upon print version of record. 311 08$a9781430260820 311 08$a1430260823 311 08$a9781430260837 311 08$a1430260831 320 $aIncludes bibliographical references and index. 327 $aContents at a Glance; Contents; Foreword; About the Authors; Acknowledgments ; Introduction; Part I: The Cybersecurity Challenge ; Chapter 1: Defining the Cybersecurity Challenge; The Cyberattacks of Today; The Sony Pictures Entertainment Breach of 2014; Advanced Persistent Threats; Waves of Malware; Types of Cyberattackers; Commodity Threats; Hacktivists; Organized Crime ; Espionage ; Cyberwar ; The Types of Cyberattacks; Confidentiality: Steal Data; Integrity: Modify Data (Steal Money); Availability: Deny Access; The Steps of a Cyberintrusion; Attack Trees and Attack Graphs 327 $aLockheed Martin Kill Chain Mandiant Attack Life Cycle; Enterprise Cybersecurity Attack Sequence; Why Cyberintrusions Succeed; The Explosion in Connectivity; Consolidation of Enterprise IT; Defeat of Preventive Controls; Failure of Detective Controls; Compliance over Capability; The Gap in Cybersecurity Effectiveness; A New Cybersecurity Mindset; An Effective Enterprise Cybersecurity Program; Chapter 2: Meeting the Cybersecurity Challenge; Cybersecurity Frameworks; The Cybersecurity Process; Cybersecurity Challenges; The Risk Management Process 327 $aConsidering Vulnerabilities, Threats, and Risks Risk Analysis and Mitigation; Cybersecurity Controls; Cybersecurity Capabilities; Cybersecurity and Enterprise IT; Emplacing Cyberdefenses ; H ow Cyberdefenses Interconnect; An Enterprise Cybersecurity Architecture; Part II: A New Enterprise Cybersecurity Architecture ; Chapter 3: Enterprise Cybersecurity Architecture; Systems Administration; S ystems Administration: Goal and Objectives ; Systems Administration: Threat Vectors ; Systems Administration: Capabilities; Network Security; Network Security: Goal and Objectives 327 $aNetwork Security: Threat Vectors Network Security: Capabilities ; Application Security; Application Security: Goal and Objectives ; Application Security: Threat Vectors ; Application Security: Capabilities ; Endpoint, Server, and Device Security; Endpoint, Server, and Device Security: Goal and Objectives ; Endpoint, Server, and Device Security: Threat Vectors ; Endpoint, Server, and Device Security: Capabilities ; Identity, Authentication, and Access Management; Identity, Authentication, and Access Management: Goal and Objectives 327 $aIdentity, Authentication, and Access Management: Threat Vectors Identity, Authentication, and Access Management: Capabilities; Data Protection and Cryptography; Data Protection and Cryptography: Goal and Objectives ; Data Protection and Cryptography: Threat Vectors ; Data Protection and Cryptography: Capabilities ; Monitoring, Vulnerability, and Patch Management; Monitoring, Vulnerability, and Patch Management: Goal and Objectives ; Monitoring, Vulnerability, and Patch Management: Threat Vectors; Monitoring, Vulnerability, and Patch Management: Capabilities 327 $aHigh Availability, Disaster Recovery, and Physical Protection 330 $aEnterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. It enables an enterprise to architect, design, implement, and operate a coherent cybersecurity program that is seamlessly coordinated with policy, programmatics, IT life cycle, and assessment. Fail-safe cyberdefense is a pipe dream. Given sufficient time, an intelligent attacker can eventually defeat defensive measures protecting an enterprise?s computer systems and IT networks. To prevail, an enterprise cybersecurity program must manage risk by detecting attacks early enough and delaying them long enough that the defenders have time to respond effectively. Enterprise Cybersecurity shows players at all levels of responsibility how to unify their organization?s people, budgets, technologies, and processes into a cost-efficient cybersecurity program capable of countering advanced cyberattacks and containing damage in the event of a breach. The authors of Enterprise Cybersecurity explain at both strategic and tactical levels how to accomplish the mission of leading, designing, deploying, operating, managing, and supporting cybersecurity capabilities in an enterprise environment. The authors are recognized experts and thought leaders in this rapidly evolving field, drawing on decades of collective experience in cybersecurity and IT. In capacities ranging from executive strategist to systems architect to cybercombatant, Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam have fought on the front lines of cybersecurity against advanced persistent threats to government, military, and business entities. 517 3 $aHow to build a successful cyberdefense program against advanced threats 606 $aData protection 606 $aData encryption (Computer science) 606 $aSecurity$3https://scigraph.springernature.com/ontologies/product-market-codes/I28000 606 $aCryptology$3https://scigraph.springernature.com/ontologies/product-market-codes/I28020 615 0$aData protection. 615 0$aData encryption (Computer science) 615 14$aSecurity. 615 24$aCryptology. 676 $a004 700 $aDonaldson$b Scott E.$4aut$4http://id.loc.gov/vocabulary/relators/aut$0959977 702 $aSiegel$b Stanley$4aut$4http://id.loc.gov/vocabulary/relators/aut 702 $aWilliams$b Chris K$4aut$4http://id.loc.gov/vocabulary/relators/aut 702 $aAslam$b Abdul$4aut$4http://id.loc.gov/vocabulary/relators/aut 801 0$bUMI 801 1$bUMI 906 $aBOOK 912 $a9910300637303321 996 $aEnterprise Cybersecurity$92175739 997 $aUNINA