Du er ikke logget ind
Beskrivelse
About the authorsIntroduction
Chapter 1. Standards and frameworks
ISO 27001
ISO 27002
ISO 27018 n17
NIST sp 800-53
NIST sp 800-160
PCI DSS
Cloud standards
ISO 17789
NIST sp 500-292
Cobit for it security
CIS controls
Chapter 2. Corporate security controls
Information security processes and services
Security governance
Governance of information security (ISO 27014:2013)
Security metrics
Policies and procedures
Cyber security and risk assessment
Penetration testing
Red teaming
Owasp code review
Compliance scans
Vulnerability scans
Firewall assurance
Risk assessments
Security awareness
Security awareness training
Simulated attacks
Security operations center
Incident response and recovery
Threat hunting
Ediscovery/forensics
Threat intelligence
Cyber crisis management plan
Security engineering
Asset management
Configuration management and security baselines
Security architecture and design
It security technical controls
Off premises unmanaged devices
Secure connections
Clean pipes
DDOS protection
Ipsec / tls encryption
EMM - enterprise mobility management (mdm, mam, mcm)
NAC - network access control
Multi factor authentication
Managed devices
Active directory integration
SCCM - system center configuration manager
TPM - trusted platform module
VPN client
NAC - network access control (agent)
Data classification
UAM - user activity monitoring
Phishing reporting tool
Endpoint protection
Host ips / edr
Desktop firewall
Antivirus
Antispyware
Full disk encryption
App-control / white-listing
Perimeter controls
Firewall
IDS / IPS
Proxy and content filtering
DLP - data leakage/loss protection
Honeypot
WAF - web application firewall
Ssl / vpn
Dns
Message security
Adfs
Sandbox
File integrity
Encrypted email
On premises controls
Mandatory requirements
Vlan segmentation
Criticality
Nature
Type
Security baselines
Redundancy
Load balancing
Production traffic encryption
Multilayer implementation
Tls decryption
Static routing
Disaster recovery
Time synchronization
Redundancy
Physical network segmentation
Distinct heartbeat interfaces
Centralized management
Default gateways
Sinkhole
Public key infrastructure
Security monitoring and enforcement
Privileged access management
Log concentrator
Identity and access management
Vulnerability management and penetration testing
Security information and event management
Database activity monitoring
Risk register
Single sign-on
Chapter 3. It security technical control matrix
Chapter 4. It security processes maturity level matrix
Chapter 5. More about cloud
ISO 17789 and NIST sp500-292 developed
IaaS
SaaS & secaas
Chapter 6. Security testing tools
Web applications attacks
Passive online password hacking
Steganography
Windows log tools
Vulnerability scanner
SQL injection
Wireless attacks
Session hijacking
Bluetooth attacks
Arp poisoning
W