1st Edition
Implementing Cybersecurity, The Cybersecurity Body of Knowledge, How to Build a Cyber-Resilient Organization, and Supply Chain Risk Management Set
Implementing Cybersecurity provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.
The Cybersecurity Body of Knowledge explains the content, purpose, and use of eight knowledge areas that define the boundaries of the discipline of cybersecurity. The discussion focuses on, and is driven by, the essential concepts of each knowledge area that collectively capture the cybersecurity body of knowledge to provide a complete picture of the field.
How to Build a Cyber-Resilient Organization presents a standard methodology approach to cyber-resilience. Readers will learn how to design a cyber-resilient architecture for a given organization as well as how to maintain a state of cyber-resilience in its day-to-day operation. Readers will know how to establish a state of systematic cyber-resilience within this structure and how to evolve the protection to correctly address the threat environment. This revolves around the steps to perform strategic cyber-resilience planning, implementation and evolution. Readers will know how to perform the necessary activities to identify, prioritize and deploy targeted controls and maintain a persistent and reliable reporting system.
Supply Chain Risk Management presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization. It details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process. It defines a complete and correct set of processes, activities, tasks and monitoring and reporting systems.
Implementing Cybersecurity
Introduction to Organizational Security Risk Management. Survey of Existing Risk Management Models. Step 1 – Categorize Information and Information Systems. Step 2 – Select Security Controls. Step 3 – Implement Security Controls. Step 4 – Assess Security Controls. Step 5 – Authorize Information Systems. Step 6 – Monitor Security State. Practical Application to the Implementation of the NIST Risk Management Framework.
The Cybersecurity Body of Knowledge
Foreword 1. Foreword 2. Author Biographies. Introduction. Chapter 1 Securing Cyberspace Is Everybody’s Business. Chapter 2 The Cybersecurity Body of Knowledge. Chapter 3 Data Security. Chapter 4 Software Security. Chapter 5 Component Security. Chapter 6 Connection Security. Chapter 7 System Security. Chapter 8 Human Security. Chapter 9 Organizational Security. Chapter 10 Societal Security. Index.
How to Build a Cyber-Resilient Organization
1. It’s Time for a New Paradigm 2. Asset Identification and Classification 3. Establishing the Risk Status of the Corporate Infrastructure 4. Prioritization of Assets and Establishing a Plan for Resilient Change 5. Control Design and Deployment 6. Control Assessment and Assurance 7. Recovering the Non-Priority Assets 8. Ensuring a Continuously Cyber-Resilient Organization
Supply Chain Risk Management
What Product Risk Is and Why It Needs to be Managed. The Three Constituencies of Product Trust. Building a Standard Acquisition Infrastructure. Risk Management in the ICT Product Chain. Control Formulation and Implementation. Control Sustainment and Operational Assurance. A Capability Maturity Model for Secure Product Acquisition.
Biography
Dan Shoemaker, PhD, is full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.
Anne Kohnke, PhD, is an associate professor of cybersecurity and the principle investigator of the Center for Academic Excellence in Cyber Defence at the University of Detroit Mercy. Anne’s research is focused in cybersecurity, risk management, threat modeling, and mitigating attack vectors.
Ken Sigler, MS, is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. Ken’s research is in the areas of software management, software assurance, and cybersecurity.
