Defensive Security Handbook: Best Practices for Securing by Lee Brotherston

By Lee Brotherston

Despite the rise of high-profile hacks, record-breaking facts leaks, and ransomware assaults, many companies don’t have the price range to set up or outsource a data safeguard (InfoSec) software, forcing them to profit at the activity. for corporations obliged to improvise, this pragmatic advisor offers a security-101 instruction manual with steps, instruments, methods, and concepts that will help you force maximum-security development at very little cost.

Each bankruptcy during this publication offers step by step directions for facing a particular factor, together with breaches and mess ups, compliance, community infrastructure and password administration, vulnerability scanning, and penetration trying out, between others. community engineers, approach directors, and safety pros will research instruments and methods to aid increase defense in good, potential chunks.

  • Learn basics of beginning or remodeling an InfoSec program
  • Create a base set of guidelines, criteria, and procedures
  • Plan and layout incident reaction, catastrophe restoration, compliance, and actual security
  • Bolster Microsoft and Unix platforms, community infrastructure, and password management
  • Use segmentation practices and designs to compartmentalize your network
  • Explore automatic procedure and instruments for vulnerability management
  • Securely improve code to lessen exploitable errors
  • Understand simple penetration checking out techniques via pink teaming
  • Delve into IDS, IPS, SOC, logging, and monitoring

Show description

Read or Download Defensive Security Handbook: Best Practices for Securing Infrastructure PDF

Best network administration books

MySQL and PHP From Scratch

Apache, MySQL, PHP3, and IMP the items exist. every bit has been defined advert nauseam. What doesn't exist is a consultant to the wedding of those software program applied sciences right into a precious ebook, beforehand. This e-book places jointly info on fitting, developing, and troubleshooting each one of those applied sciences into one whole quantity.

CISA Certified Information Systems Auditor All-in-One Exam Guide

"All-in-One is All you wish. " CISA qualified info platforms Auditor multi functional examination consultant Get whole assurance of the entire fabric integrated at the qualified details structures Auditor examination inside of this complete source. Written via an IT defense and audit specialist, this authoritative consultant covers all six examination domain names built by way of the knowledge structures Audit and keep an eye on organization (ISACA).

Programming Internet Mail

Three hundred pages, 7 x 10 inches or 18 x 25. five cm, not easy conceal, 60 photographs (57 color), index. This booklet, initially released in German, is a well-known vintage at the biology of captive reptiles (and chosen amphibians). In it, the writer conscientiously summarizes a tremendous physique of data either his personal broad adventure at Tierpark Berlin and an unlimited literature a lot of which has been little recognized outdoor the German-speaking global.

Outlook 2010 All-in-One For Dummies

Because the #1 e mail patron and private info supervisor, Microsoft Outlook bargains a collection of simple positive factors that maximize the administration of your email, time table, and normal day-by-day actions, with the smallest amount of difficulty attainable. made from ten minibooks in a single and filled with greater than 800 pages, this All-in-One For Dummies reference walks you thru the ease of Microsoft Outlook and introduces you to the most recent good points of the 2010 model.

Extra resources for Defensive Security Handbook: Best Practices for Securing Infrastructure

Example text

All aspects need to be taken into account when creating each tier. Use Cases, Tabletops, and Drills Use cases are important for showcasing situations that may put critical infrastructure, sensitive data, or other assets at risk. Brainstorm with data owners and leaders to plan ahead for malicious attacks. It is best to come up with around three different use cases to focus on in the beginning and plan on building security mitigations and monitoring around them. Items such as ransomware, DDoS (Distributed Denial of Service), disgruntled employee, insider threat, and data exfiltration are all good examples of possible use cases.

The book then moves on to planning and dealing with breaches, disasters, compliance, and physical security, all of which combine the management and organizational side of information security with the physical tools and infrastructure needed to complete them. Being prepared in the case of any type of physical or technical emergency can mean the difference between a smooth and steady recovery or a complete company failure — and anything in between. A good, solid ground-up design is just the beginning.

Navigating the Book We have deliberately written this so that you do not have to adopt an all-or-nothing approach. Each of the chapters can serve as a standalone body of knowledge for a particular area of interest, meaning that you can pick and choose which subjects work for you and your organization, and ignore any that you feel may not apply. The aim is not to achieve compliance with a particular framework or compliance regime, but to improve on the current situation in sensible, pragmatic, manageable chunks.

Download PDF sample

Rated 4.43 of 5 – based on 18 votes