Developing Cybersecurity Programs and Policies in an AI-Driven World

Omar Santos

$331.95 $265.27

Paperback

Not in-store but you can order this
How long will it take?

Availability Information

We source books from suppliers in Australia and overseas. For books we don't currently have in stock, the time it takes to get them from our suppliers can vary widely - from a few days to a few months - so we check each book with each supplier to determine the expected time it will take to be supplied to us.

We then advise you accordingly. If the time taken to get any book is too long for you, you can let us know and we will cancel or adjust your order, and refund as required.

To find out the anticipated arrival time for specific items prior to ordering, please contact us by phone or email:

Phone +61 2 9264 3111, or 1800 4 BOOKS (1800 4 26657) if outside Sydney:
option 1 Abbey's Bookshop (Crime, History, Science, Kids & more) • info@abbeys.com.au
option 2 Language Book Centre (ESL & Foreign Languages) • language@abbeys.com.au
option 3 Galaxy Bookshop (Sci-fi, Fantasy, Romance, Graphic Novels) • sf@galaxybooks.com.au

QTY:

English

Pearson IT Certification
19 September 2024

Network security; Networking packages

Series: Pearson IT Cybersecurity Curriculum (ITCC)

ALL THE KNOWLEDGE YOU NEED TO BUILD CYBERSECURITY PROGRAMS AND POLICIES THAT WORK

Clearly presents best practices, governance frameworks, and key standards

Includes focused coverage of healthcare, finance, and PCI DSS compliance

An essential and invaluable guide for leaders, managers, and technical professionals

Today, cyberattacks can place entire organizations at risk. Cybersecurity can no longer be delegated to specialists: Success requires everyone to work together, from leaders on down. Developing Cybersecurity Programs and Policies in an AI-Driven World offers start-to-finish guidance for establishing effective cybersecurity in any organization. Drawing on more than two decades of real-world experience, Omar Santos presents realistic best practices for defining policy and governance, ensuring compliance, and collaborating to harden the entire organization.

Santos begins by outlining the process of formulating actionable cybersecurity policies and creating a governance framework to support these policies. He then delves into various aspects of risk management, including strategies for asset management and data loss prevention, illustrating how to integrate various organizational functions—from HR to physical security—to enhance overall protection. This book covers many case studies and best practices for safeguarding communications, operations, and access; alongside strategies for the responsible acquisition, development, and maintenance of technology. It also discusses effective responses to security incidents. Santos provides a detailed examination of compliance requirements in different sectors and the NIST Cybersecurity Framework.

LEARN HOW TO

Establish cybersecurity policies and governance that serve your organization’s needs Integrate cybersecurity program components into a coherent framework for action Assess, prioritize, and manage security risk throughout the organization Manage assets and prevent data loss Work with HR to address human factors in cybersecurity Harden your facilities and physical environment Design effective policies for securing communications, operations, and access Strengthen security throughout AI-driven deployments Plan for quick, effective incident response and ensure business continuity Comply with rigorous regulations in finance and healthcare Learn about the NIST AI Risk Framework and how to protect AI implementations Explore and apply the guidance provided by the NIST Cybersecurity Framework

By: Omar Santos
Imprint: Pearson IT Certification
Country of Publication: United States
Edition: 4th edition
Dimensions: Height: 230mm, Width: 175mm, Spine: 35mm
Weight: 1.247kg
ISBN: 9780138074104
ISBN 10: 0138074100
Series: Pearson IT Cybersecurity Curriculum (ITCC)
Pages: 768
Publication Date: 19 September 2024
Audience: Professional and scholarly , Undergraduate
Format: Paperback
Publisher's Status: Active

Introduction xviii Chapter 1: Understanding Cybersecurity Policy and Governance 2 Information Security vs. Cybersecurity Policies.. . . . . . . . . . . . . . . . 6 Looking at Policy Through the Ages.. . . . . . . . . . . . . . . . . . . . 6 Cybersecurity Policy.. . . . . . . . . . . . . . . . . . . . . . . . . . 10 Cybersecurity Policy Life Cycle.. . . . . . . . . . . . . . . . . . . . . . 28 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Chapter 2: Cybersecurity Policy Organization, Format, and Styles 46 Policy Hierarchy.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Writing Style and Technique.. . . . . . . . . . . . . . . . . . . . . . . 51 Plain Language Techniques for Policy Writing.. . . . . . . . . . 53 Policy Format.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Chapter 3: Cybersecurity Frameworks 80 Confidentiality, Integrity, and Availability (CIA). . . . . . . . . . . . . . . . 81 What Is a Cybersecurity Framework?.. . . . . . . . . . . . . . . . . . . 94 NIST Cybersecurity Framework.. . . . . . . . . . . . . . . . . . . . . 110 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 Chapter 4: Cloud Security 132 Why Cloud Computing?.. . . . . . . . . . . . . . . . . . . . . . . . 133 Cloud Computing Models.. . . . . . . . . . . . . . . . . . . . . . . . 139 Cloud Governance. . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Multitenancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Core Components of the Cloud Computing Reference Architecture.. . . . . . 151 Key Concepts and Functional Layers of Cloud Computing. . . . . . . . . . 152 Understanding Top Cybersecurity Risks in Cloud Computing. . . . . . . . . 153 AI and the Cloud: Revolutionizing the Future of Computing.. . . . . . . . . . 166 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 Chapter 5: Governance and Risk Management 176 Understanding Cybersecurity Policies. . . . . . . . . . . . . . . . . . . 177 Cybersecurity Risk. . . . . . . . . . . . . . . . . . . . . . . . . . . 197 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 Chapter 6: Asset Management and Data Loss Prevention 220 Information Assets and Systems.. . . . . . . . . . . . . . . . . . . . . 221 Information Classification.. . . . . . . . . . . . . . . . . . . . . . . . 224 Labeling and Handling Standards.. . . . . . . . . . . . . . . . . . . . 233 Information Systems Inventory.. . . . . . . . . . . . . . . . . . . . . . 236 Understanding Data Loss Prevention Technologies.. . . . . . . . . . . . . 242 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Chapter 7: Human Resources Security and Education 256 The Employee Life Cycle. . . . . . . . . . . . . . . . . . . . . . . . 257 The Importance of Employee Agreements.. . . . . . . . . . . . . . . . . 269 The Importance of Security Education and Training. . . . . . . . . . . . . 272 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 Chapter 8: Physical and Environmental Security 290 Understanding the Secure Facility Layered Defense Model.. . . . . . . . . . 292 Protecting Equipment.. . . . . . . . . . . . . . . . . . . . . . . . . 299 Environmental Sustainability. . . . . . . . . . . . . . . . . . . . . . . 308 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 Chapter 9: Cybersecurity Operations (CyberOps), Incident Response, Digital Forensics, and Threat Hunting 320 Incident Response.. . . . . . . . . . . . . . . . . . . . . . . . . . . 321 What Happened? Investigation and Evidence Handling.. . . . . . . . . . . 349 Understanding Threat Hunting.. . . . . . . . . . . . . . . . . . . . . . 351 Understanding Digital Forensic Analysis.. . . . . . . . . . . . . . . . . . 357 Data Breach Notification Requirements. . . . . . . . . . . . . . . . . . 360 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Chapter 10: Access Control Management 384 Access Control Fundamentals.. . . . . . . . . . . . . . . . . . . . . . 385 Infrastructure Access Controls.. . . . . . . . . . . . . . . . . . . . . . 399 User Access Controls.. . . . . . . . . . . . . . . . . . . . . . . . . 416 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Chapter 11: Supply Chain Security, Information Systems Acquisition, Development, and Maintenance 434 Strengthening the Links: A Deep Dive into Supply Chain Security.. . . . . . . 435 System Security Requirements.. . . . . . . . . . . . . . . . . . . . . 441 Secure Code.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448 Cryptography.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 Chapter 12: Business Continuity Management 474 Emergency Preparedness.. . . . . . . . . . . . . . . . . . . . . . . . 475 Business Continuity Risk Management.. . . . . . . . . . . . . . . . . . 479 The Business Continuity Plan.. . . . . . . . . . . . . . . . . . . . . . 485 Business Continuity and Disaster Recovery in Cloud Services.. . . . . . . . . 493 Plan Testing and Maintenance.. . . . . . . . . . . . . . . . . . . . . . 500 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504 Chapter 13: Regulatory Compliance for Financial Institutions 514 The Gramm-Leach-Bliley Act.. . . . . . . . . . . . . . . . . . . . . . 515 New York’s Department of Financial Services Cybersecurity Regulation.. . . . . 533 What Is a Regulatory Examination?.. . . . . . . . . . . . . . . . . . . . 535 Personal and Corporate Identity Theft. . . . . . . . . . . . . . . . . . . 537 Regulation of Fintech, Digital Assets, and Cryptocurrencies. . . . . . . . . . 540 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542 Chapter 14: Regulatory Compliance for the Health-care Sector 556 The HIPAA Security Rule. . . . . . . . . . . . . . . . . . . . . . . . 558 The HITECH Act and the Omnibus Rule.. . . . . . . . . . . . . . . . . . 581 Understanding the HIPAA Compliance Enforcement Process. . . . . . . . . 586 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588 Chapter 15: PCI Compliance for Merchants 600 Protecting Cardholder Data.. . . . . . . . . . . . . . . . . . . . . . . 601 PCI Compliance.. . . . . . . . . . . . . . . . . . . . . . . . . . . . 616 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623 Chapter 16: Privacy in an AI-Driven Landscape 634 Defining Privacy in the Digital Context. . . . . . . . . . . . . . . . . . . 635 The Interplay Between AI and Privacy.. . . . . . . . . . . . . . . . . . . 636 General Data Protection Regulation (GDPR).. . . . . . . . . . . . . . . . 637 California Consumer Privacy Act (CCPA). . . . . . . . . . . . . . . . . . 640 Personal Information Protection and Electronic Documents Act (PIPEDA).. . . . 641 Data Protection Act 2018 in the United Kingdom.. . . . . . . . . . . . . . 643 Leveraging AI to Enhance Privacy Protections.. . . . . . . . . . . . . . . 645 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647 Chapter 17: Artificial Intelligence Governance and Regulations 652 The AI Double-Edged Sword.. . . . . . . . . . . . . . . . . . . . . . 653 Generative AI, LLMs, and Traditional Machine Learning Implementations. . . . 653 Introduction to AI Governance.. . . . . . . . . . . . . . . . . . . . . . 654 The U.S. Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.. . . . . . . . . . . . . . . 655 The Importance of High Accuracy and Precision in AI Systems.. . . . . . . . 661 Explainable AI (XAI): Building Trust and Understanding.. . . . . . . . . . . . 663 Government and Society-wide Approaches to AI Governance.. . . . . . . . . 665 The EU AI Act. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667 Guidelines for Secure AI System Development.. . . . . . . . . . . . . . . 670 OWASP Top 10 Risks for LLM.. . . . . . . . . . . . . . . . . . . . . . 674 MITRE ATLAS Framework. . . . . . . . . . . . . . . . . . . . . . . . 683 Summary.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684 Appendix A: Answers to the Multiple Choice Questions 696 978138074104, TOC, 6/18/2024

Omar Santos is a Distinguished Engineer at Cisco, focusing on artificial intelligence (AI) security, cybersecurity research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar’s collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the co-founder of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee. Omar is the author of more than 25 books, 21 video courses, and more than 50 academic research papers. He is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs. Prior to working for Cisco, Omar served in the U.S. Marines, focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer and Intelligence (C4I) systems. You can find Omar at: X: @santosomar LinkedIn: https://www.linkedin.com/in/santosomar

MOTHER'S DAY SPECIALS! SHOW ME MORE

Developing Cybersecurity Programs and Policies in an AI-Driven World

Omar Santos

$331.95 $265.27

Paperback

See Also

Contact Abbeys

Contact Galaxy

Contact Language

Contact Us

About ABBEY'S