IT Security Controls
A Guide to Corporate Standards and Frameworks
Paperback by Oben Kuyucu (et al.)
Language: English

69,54 €*

incl. VAT

Free shipping by post / DHL

Currently unavailable

Description
Use this reference for IT security practitioners to get an overview of the major standards and frameworks, and a proposed architecture to meet them. The book identifies and describes the necessary controls and processes that must be implemented in order to secure your organization's infrastructure.
The book proposes a comprehensive approach to the implementation of IT security controls with an easily understandable graphic implementation proposal to comply with the most relevant market standards (ISO 27001, NIST, PCI-DSS, and COBIT) and a significant number of regulatory frameworks from central banks across the world (European Union, Switzerland, UK, Singapore, Hong Kong, India, Qatar, Kuwait, Saudi Arabia, Oman, etc.).

To connect the book with the real world, a number of well-known case studies are featured to explain what went wrong with the biggest hacks of the decade, and which controls should have been in place to prevent them. The book also describes a set of well-known security tools available to support you.
What You Will Learn
Understand corporate IT security controls, including governance, policies, procedures, and security awareness
Know cybersecurity and risk assessment techniques such as penetration testing, red teaming, compliance scans, firewall assurance, and vulnerability scans
Understand technical IT security controls for unmanaged and managed devices, and perimeter controls
Implement security testing tools such as steganography, vulnerability scanners, session hijacking, intrusion detection, and more

Who This Book Is For

IT security managers, chief information security officers, information security practitioners, and IT auditors will use the book as a reference and support guide to conduct gap analyses and audits of their organizations' IT security controls implementations.
About the Author

Virgilio Viegas, CISSP, CCSP, CISM, CISA, CRISC, CEH, has more than 25 years of experience in the banking sector, having worked in Europe, Asia and the Middle East. Currently he is the Group Head of International IT Security in one of the largest financial institutions in the Middle East and Africa with a strong presence across Europe, Africa and Asia.

Virgilio previously worked for more than 20 years for a major Portuguese financial institution, where he participated in the design and implementation of an Internet services reference platform and later developed an information security reference architecture.

While working in Asia, Virgilio developed projects related to information security, compliance, and retail such as Internet banking, ATM and POS network implementation, issuing and acquiring international card schemes, anti-money laundering, customer fingerprint authentication, amongst others. He also supported projects with significant impact in the Timor-Leste financial sector such as the definition of the country's International Bank Account Number (IBAN) standard, the implementation of the Real Time Gross Settlement System (RTGS), and the national ATM and POS switch.


Oben Kuyucu, CISSP, CISA, has 15 years of experience in IT security, cybersecurity, governance, risk, compliance, and PCI DSS, as well as other international standards and regulations. Currently, he is an IT Security Governance and Oversight Senior Analyst at one of the largest financial institutions in the Middle East and Africa.

Oben previously worked as Senior Information Security Expert and PCI Qualified Security Assessor (QSA) at a leading information security company in Turkey. He was the first PCI 3DSecure Assessor and one of the first PCI QSAs in Turkey, and he carried out more than 150 IT security-related engagements, mainly related to PCI DSS and ISO 27001 internal audits.

Throughout his career Oben has performed PCI DSS auditing, system administration, design, penetration testing, security analysis, consulting, pre-sales activities and post-sales support for companies in Europe, Asia, and the Middle East. He has also made a significant contribution to many information security projects, including providing support to a PCI SSC Approved Scanning Vendor portal and transforming it into a governance, risk, and compliance vulnerability management tool.

Summary

Helps review and implement security standards and frameworks, including ISO, NIST, PCI DSS, COBIT, and more

Teaches fundamental controls and processes by using an implementation framework and follow-up metrics

Shows how to implement a security technical controls matrix as well as a processes maturity-level matrix

Table of Contents
Chapter 1. The Cybersecurity Challenge
Chapter 2. International Security Standards
Chapter 3. Information Security Frameworks
Chapter 4. IT Security Technical Controls
Chapter 5. Corporate Information Security Processes and Services
Chapter 6. People
Chapter 7. Security Metrics
Chapter 8. Case Studies
Chapter 9. Security Testing and Attack Simulation Tools
Appendix 1: IT Security Technical Controls, Processes, and Services Matrix
Appendix 2: Information Security Certifications
Appendix 3: Knowledge of Secure Acquisitions
Appendix 4: Resource Library
Details
Year of publication: 2022
Genre: Imports, Computer Science
Section: Science & Technology
Medium: Paperback
Contents: xxi
354 pp.
40 b/w illus.
3 color illus.
354 p. 43 illus.
3 illus. in color.
ISBN-13: 9781484277980
ISBN-10: 1484277988
Language: English
Features / Supplement: Paperback
Binding: Softcover / Paperback
Author: Kuyucu, Oben
Viegas, Virgilio
Edition: 1st ed.
Manufacturer: Apress
Apress L.P.
Dimensions: 254 x 178 x 21 mm
By/With: Oben Kuyucu (et al.)
Publication date: 24.03.2022
Weight: 0,706 kg
Item ID: 120525387