MTU Cork Library Catalogue

Syndetics cover image
Image from Syndetics

97 things every information security professional should know [electronic book] : collective wisdom from the experts / edited by Christina Morillo.

Contributor(s): Morillo, Christina [editor].
Material type: materialTypeLabelBookPublisher: Sebastopol, Ca : O'Reilly Media Incorporated, [2021]Copyright date: ©2021Description: online resource (xvi, 249 pages) : illustrations (some color).Content type: text Media type: computer Carrier type: online resourceISBN: 9781098101398 (paperback); 9781098101367 (e-book).Subject(s): Computer security | Computer networks -- Safety measures | Data protectionDDC classification: 005.8 Online resources: E-book
Contents:
Continuously learn to protect tomorrow's technology -- Fight in cyber like the military fights in the physical -- Three major planes -- InfoSec professionals need to know operational resilience -- Taking control of your own journey -- Security, privacy, and messy data webs: taking back control in third party environments -- Every information security problems boils down to one thing -- And in this corner, it's security versus the business -- Don't overlook prior art from other industries -- Powerful metrics always lose to poor communication -- "No" may not be a strategic word -- Keep people in the centre of your work -- Take a beat: thinking like a firefighter for better incident response -- A diverse path to better security professionals -- It's not all about the tools -- Four things to know about cybersecurity -- Vetting resources and having patience when learning information security topics -- Focus on the what and the why first, not the tool -- Insiders don't care for controls -- Identity and access management: the value of user experience -- Lessons from cross-training to law -- Ransomware -- The key to success in your cloud journey beings with a shared responsibility model -- Why InfoSec practitioners need to know about Agile and DevOps -- The business is always right -- Why choose Linux as your secure operating system -- New world, new rules, same principles -- Data protection: impact on software development -- An introduction to security in the cloud -- Knowing normal -- All signs point to a schism in cybersecurity -- DevSecOps is evolving to drive a risk-based digital transformation -- Availabllity is a security concern too -- Security is people -- Penetration testing: why can't it be like and movies -- How many ingredients does it take to make an information security professional -- Understanding open source licensing and security -- Planning for incident response customer notifications -- Managing security alert fatigue -- Taking advantage of NIST's resources -- Applying Agile SDLC methodology to your career -- Failing spectacularly -- The solid impact of soft skills -- What is good cyber hygiene within information security -- Phishing -- Building a new security program -- Using isolation zones to increase cloud security -- If it's remembered for you, forensics can uncover it -- Certifications considered harmful -- Security considerations for IoT device management -- Lessons learned: cybersecurity road trip -- Finding your voice -- Best practices for vulnerability management -- Social engineering -- Stalkerware: when Malware and domestic abuse coincide -- Understanding and exploring risk -- The psychology of incident response -- Priorities and ethics/morality -- DevSecOps: Continuous security has come to stay -- Cloud security: a 5000 mile view from the top -- Balancing the risk and productivity of browser extensions -- Technical project ideas towards learning web application security -- Monitoring: you can't defend against what you don't see -- Documentation matters -- The dirty truth behind breaking into cybersecurity -- Cloud security -- Empathy and change -- Information security ever after -- Don't check it in -- Threat modeling for SIEM alerts -- Security incident response and career longevity -- Incident management -- Structure chaos -- CWE top 25 most dangerous software weaknessess -- Threat hunting based on machine learning -- Get in where you fit in -- Look inside and see what can be -- DevOps for InfoSec professionals -- Get familiar with R & R (risk and resilience) -- Password management -- Let's go Phishing -- Vulnerability management -- Reduce insider risk through employee empowerment --Fitting certifications into your career path -- Phishing reporting is the best detection -- Know your data -- Don't let the cybersecurity talent shortage leave your firm vulnerable -- Comfortable versus confident -- Some thoughts on PKI -- What is a security champion -- Risk management in information security -- Risk 2FA, MFA, it's all just authentication? Isn't it -- Things I wish I knew before getting into cybersecurity -- Research is not just for paper writing -- The security practitioner -- Threat intelligence in two steps -- Maintaining compliance and information security with blue team assistance.

Enhanced descriptions from Syndetics:

Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems.

You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field.

Continuously Learn to Protect Tomorrow's Technology - Alyssa Columbus Fight in Cyber Like the Military Fights in the Physical - Andrew Harris Keep People at the Center of Your Work - Camille Stewart Infosec Professionals Need to Know Operational Resilience - Ann Johnson Taking Control of Your Own Journey - Antoine Middleton Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments - Ben Brook Every Information Security Problem Boils Down to One Thing - Ben Smith Focus on the WHAT and the Why First, Not the Tool - Christina Morillo

Includes index.

Continuously learn to protect tomorrow's technology -- Fight in cyber like the military fights in the physical -- Three major planes -- InfoSec professionals need to know operational resilience -- Taking control of your own journey -- Security, privacy, and messy data webs: taking back control in third party environments -- Every information security problems boils down to one thing -- And in this corner, it's security versus the business -- Don't overlook prior art from other industries -- Powerful metrics always lose to poor communication -- "No" may not be a strategic word -- Keep people in the centre of your work -- Take a beat: thinking like a firefighter for better incident response -- A diverse path to better security professionals -- It's not all about the tools -- Four things to know about cybersecurity -- Vetting resources and having patience when learning information security topics -- Focus on the what and the why first, not the tool -- Insiders don't care for controls -- Identity and access management: the value of user experience -- Lessons from cross-training to law -- Ransomware -- The key to success in your cloud journey beings with a shared responsibility model -- Why InfoSec practitioners need to know about Agile and DevOps -- The business is always right -- Why choose Linux as your secure operating system -- New world, new rules, same principles -- Data protection: impact on software development -- An introduction to security in the cloud -- Knowing normal -- All signs point to a schism in cybersecurity -- DevSecOps is evolving to drive a risk-based digital transformation -- Availabllity is a security concern too -- Security is people -- Penetration testing: why can't it be like and movies -- How many ingredients does it take to make an information security professional -- Understanding open source licensing and security -- Planning for incident response customer notifications -- Managing security alert fatigue -- Taking advantage of NIST's resources -- Applying Agile SDLC methodology to your career -- Failing spectacularly -- The solid impact of soft skills -- What is good cyber hygiene within information security -- Phishing -- Building a new security program -- Using isolation zones to increase cloud security -- If it's remembered for you, forensics can uncover it -- Certifications considered harmful -- Security considerations for IoT device management -- Lessons learned: cybersecurity road trip -- Finding your voice -- Best practices for vulnerability management -- Social engineering -- Stalkerware: when Malware and domestic abuse coincide -- Understanding and exploring risk -- The psychology of incident response -- Priorities and ethics/morality -- DevSecOps: Continuous security has come to stay -- Cloud security: a 5000 mile view from the top -- Balancing the risk and productivity of browser extensions -- Technical project ideas towards learning web application security -- Monitoring: you can't defend against what you don't see -- Documentation matters -- The dirty truth behind breaking into cybersecurity -- Cloud security -- Empathy and change -- Information security ever after -- Don't check it in -- Threat modeling for SIEM alerts -- Security incident response and career longevity -- Incident management -- Structure chaos -- CWE top 25 most dangerous software weaknessess -- Threat hunting based on machine learning -- Get in where you fit in -- Look inside and see what can be -- DevOps for InfoSec professionals -- Get familiar with R & R (risk and resilience) -- Password management -- Let's go Phishing -- Vulnerability management -- Reduce insider risk through employee empowerment --Fitting certifications into your career path -- Phishing reporting is the best detection -- Know your data -- Don't let the cybersecurity talent shortage leave your firm vulnerable -- Comfortable versus confident -- Some thoughts on PKI -- What is a security champion -- Risk management in information security -- Risk 2FA, MFA, it's all just authentication? Isn't it -- Things I wish I knew before getting into cybersecurity -- Research is not just for paper writing -- The security practitioner -- Threat intelligence in two steps -- Maintaining compliance and information security with blue team assistance.

Electronic reproduction.: ProQuest LibCentral. Mode of access: World Wide Web.

Table of contents provided by Syndetics

  • Preface (p. xiii)
  • 1 Continuously Learn to Protect Tomorrow's Technology (p. 1)
  • 2 Fight in Cyber like the Military Fights in the Physical (p. 3)
  • 3 Three Major Planes (p. 6)
  • 4 InfoSec Professionals Need to Know Operational Resilience (p. 9)
  • 5 Taking Control of Your Own Journey (p. 11)
  • 6 Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments (p. 13)
  • 7 Every Information Security Problem Boils Down to One Thing (p. 15)
  • 8 And in This Corner, It's Security Versus the Business! (p. 17)
  • 9 Don't Overlook Prior Art from Other Industries (p. 19)
  • 10 Powerful Metrics Always Lose to Poor Communication (p. 21)
  • 11 "No" May Not Be a Strategic Word (p. 23)
  • 12 Keep People at the Center of Your Work (p. 25)
  • 13 Take a Beat: Thinking Like a Firefighter for Better Incident Response (p. 27)
  • 14 A Diverse Path to Better Security Professionals (p. 29)
  • 15 It's Not About the Tools (p. 31)
  • 16 Four Things to Know About Cybersecurity (p. 33)
  • 17 Vetting Resources and Having Patience when Learning Information Security Topics (p. 36)
  • 18 Focus on the What and the Why First, Not the Tool (p. 38)
  • 19 Insiders Don't Care for Controls (p. 40)
  • 20 Identity and Access Management: The Experience (p. 42)
  • 21 Lessons from Cross-Training in Law (p. 44)
  • 22 Ransomware (p. 46)
  • 23 The Key to Success in Your Cloud Journey Begins with the Shared Responsibility Model (p. 48)
  • 24 Why InfoSec Practitioners Need to Know About Agile and DevOps (p. 50)
  • 25 The Business Is Always Right (p. 53)
  • 26 Why Choose Linux as Your Secure Operating System? (p. 55)
  • 27 New World, New Rules, Same Principles (p. 57)
  • 28 Data Protection: Impact on Software Development (p. 59)
  • 29 An Introduction to Security in the Cloud (p. 62)
  • 30 Knowing Normal (p. 65)
  • 31 All Signs Point to a Schism in Cybersecurity (p. 67)
  • 32 DevSecOps Is Evolving to Drive a Risk-Based Digital Transformation (p. 69)
  • 33 Availability Is a Security Concern Too (p. 71)
  • 34 Security Is People (p. 73)
  • 35 Penetration Testing: Why Can't It Be Like the Movies? (p. 75)
  • 36 How Many Ingredients Does It Take to Make an Information Security Professional? (p. 77)
  • 37 Understanding Open Source Licensing and Security (p. 79)
  • 38 Planning for Incident Response Customer Notifications (p. 81)
  • 39 Managing Security Alert Fatigue (p. 84)
  • 40 Take Advantage of NIST's Resources (p. 86)
  • 41 Apply Agile SDLC Methodology to Your Career (p. 88)
  • 42 Failing Spectacularly (p. 90)
  • 43 The Solid Impact of Soft Skills (p. 92)
  • 44 What Is Good Cyber Hygiene Within Information Security? (p. 94)
  • 45 Phishing (p. 96)
  • 46 Building a New Security Program (p. 98)
  • 47 Using Isolation Zones to Increase Cloud Security (p. 100)
  • 48 If It's Remembered for You, Forensics Can Uncover It (p. 103)
  • 49 Certifications Considered Harmful (p. 105)
  • 50 Security Considerations for IoT Device Management (p. 107)
  • 51 Lessons Learned: Cybersecurity Road Trip (p. 109)
  • 52 Finding Your Voice (p. 111)
  • 53 Best Practices with Vulnerability Management (p. 113)
  • 54 Social Engineering (p. 115)
  • 55 Stalkerware: When Malware and Domestic Abuse Coincide (p. 117)
  • 56 Understanding and Exploring Risk (p. 119)
  • 57 The Psychology of Incident Response (p. 121)
  • 58 Priorities and Ethics/Morality (p. 123)
  • 59 DevSecOps: Continuous Security Has Come to Stay (p. 125)
  • 60 Cloud Security: A 5,000 Mile View from the Top (p. 128)
  • 61 Balancing the Risk and Productivity of Browser Extensions (p. 130)
  • 62 Technical Project Ideas Towards Learning Web Application Security (p. 132)
  • 63 Monitoring: You Can't Defend Against What You Don't See (p. 134)
  • 64 Documentation Matters (p. 136)
  • 65 The Dirty Truth Behind Breaking into Cybersecurity (p. 137)
  • 66 Cloud Security (p. 139)
  • 67 Empathy and Change (p. 141)
  • 68 Information Security Ever After (p. 143)
  • 69 Don't Check It In! (p. 145)
  • 70 Threat Modeling for SIEM Alerts (p. 147)
  • 71 Security Incident Response and Career Longevity (p. 149)
  • 72 Incident Management (p. 151)
  • 73 Structure over Chaos (p. 153)
  • 74 CWE Top 25 Most Dangerous Software Weaknesses (p. 155)
  • 75 Threat Hunting Based on Machine Learning (p. 157)
  • 76 Get In Where You Fit In (p. 159)
  • 77 Look Inside and See What Can Be (p. 161)
  • 78 DevOps for InfoSec Professionals (p. 164)
  • 79 Get Familiar with R&R (Risk and Resilience) (p. 167)
  • 80 Password Management (p. 169)
  • 81 Let's Go Phishing (p. 171)
  • 82 Vulnerability Management (p. 173)
  • 83 Reduce Insider Risk Through Employee Empowerment (p. 175)
  • 84 Fitting Certifications into Your Career Path (p. 178)
  • 85 Phishing Reporting Is the Best Detection (p. 180)
  • 86 Know Your Data (p. 182)
  • 87 Don't Let the Cybersecurity Talent Shortage Leave Your Firm Vulnerable (p. 184)
  • 88 Comfortable Versus Confident (p. 186)
  • 89 Some Thoughts on PKI (p. 188)
  • 90 What Is a Security Champion? (p. 190)
  • 91 Risk Management in Information Security (p. 193)
  • 92 Risk, 2FA, MFA, It's All Just Authentication! Isn't It? (p. 195)
  • 93 Things I Wish I Knew Before Getting into Cybersecurity (p. 197)
  • 94 Research Is Not Just for Paper Writing (p. 199)
  • 95 The Security Practitioner (p. 201)
  • 96 Threat Intelligence in Two Steps (p. 203)
  • 97 Maintaining Compliance and Information Security with Blue Team Assistance (p. 205)
  • Contributors (p. 207)
  • Index (p. 241)
  • About the Editor (p. 248)

Author notes provided by Syndetics

Christina Morillo is an information security, cybersecurity, and technology leader with expertise in enterprise security engineering, identity and access, insider threat, and cloud and identity programs and deployments. Her extensive experience has taken her to companies like Morgan Stanley, Fitch Ratings, AllianceBernstein, and Microsoft.

Powered by Koha