
All my books and other Pearson books are available via this Web site at a greater discount than online bookstores. Go to discount book purchase.

EFFECTIVE CYBERSECURITY: A Guide to Using Best Practices and Standards
This book gives security managers and implementers a comprehensive understanding of the technology, operational procedures, and management practices needed for successful cybersecurity. The book makes extensive use of standards and best practices documents that are used to guide or mandate cybersecurity implementation. Going beyond these, it offers in-depth tutorials on the “how” of implementation, integrated into a unified framework and realistic plan of action. Here is the Table of Contents. The Pearson Site for this book includes PPT slides and answers to review questions for instructors.

Useful Links
Computer Science Student Resource Site: Help and advice for students and professionals.
Errata sheet: Latest list of errors, updated at most monthly. File name is Errata-Cybersecurity-mmyy. If you spot any errors, please contact me at Email.

Chapter 1 - Best Practices and Standards

NIST Cybersecurity Site: A range of resources related to NIST programs and documents on cybersecurity.
NIST Computer Security Resource Center: This is an essential resource. Provides access to CSRC projects, news, a huge publications library, and an extensive glossary.
Information Security Forum: Many resources, including the Standard of Good Practice. Many of these require that you be a member, but there are some useful free resources.
PCI Security Standards Council: Provides free access to PCI-DSS, other standards, and supporting documents.
ITU-T Recommendations: The complete collection of Recommendations, most of which are free.
Center for Internet Security: Provides a collection of controls, best practices, and threat reports.
ISACA: Good collection of documents and other resources.
ENISA: Home page for the EU Agency for Network and Information Security. Excellent collection of documents.
Communications Security Establishment: Home page for the Government of Canada's national cryptologic agency. A number of useful documents.

Chapter 3 - Information Risk Assessment

CAPEC: Common Attack Pattern Enumeration and Classification. Maintained by MITRE, CAPEC™ is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
NIST National Vulnerability Database (NVD): Repository of standards-based vulnerability management data. This enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Security Focus: A wide variety of security information, with an emphasis on vendor products and end-user concerns. Maintains Bugtraq, a mailing list for the detailed discussion and announcement of computer security vulnerabilities.
SANS Institute: Similar to Security Focus. Extensive collection of white papers. Maintains the Internet Storm Center, which provides a warning service to Internet users and organizations concerning security threats.
Packet Storm: Resource of up-to-date and historical security tools, exploits, and advisories.
Open Group Security Standards: Security documents, including those related to FAIR.

Chapter 4 - People Management

NIST Awareness, Training, and Education (ATE): Contains a number of links to government, industry, and academic sites that offer or sell both awareness and training material.

Chapter 6 - Information Management

EU GDPR: Documents and links related to the General Data Protection Regulation.

Chapter 7 - Physical Asset Management

Industrial Control Systems Cyber Emergency Response Team: Web site maintained by the U.S. Department of Homeland Security. The site contains a wide range of advisories, fact sheets, and white papers, and is frequently updated.

Chapter 9 - Business Application Management

Open Web Application Security Project: An open software security community with a range of resources.

Chapter 12 - Networks and Communications

Numerous links to firewall references and software resources.

Chapter 13 - Supply Chain Management

Cyber Supply Chain Risk Management: NIST project site. A number of documents on the subject.
Cloud Standards Customer Council: End-user advocacy group for cloud standards and adoption guidance. A number of documents on the subject.
Cloud Security Alliance: Organization promoting best practices for cloud security implementation. Site contains useful documents and links.
NIST Cloud Computing Program: Useful information, links, and documents.

Chapter 14 - Technical Security Management

SABSA: Useful white papers on Enterprise Security Architecture and related topics.
Vmyths: Dedicated to exposing virus hoaxes and dispelling misconceptions about real viruses.
SecureList: Site maintained by a commercial antivirus software provider. Good collection of useful information on viruses, hackers, and spam.
DDoS Attacks/Tools: Extensive list of links and documents.
Network Abuse Clearinghouse: Web sites, software, books, and other resources for dealing with spam and other network abuse.
NIST Cryptographic Module Validation Program: Validates vendor offerings using independent accredited laboratories.

Chapter 15 - Threat and Incident Management

CERT Coordination Center: The organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency. Site provides good information on Internet security threats, vulnerabilities, and attack statistics.
United States Computer Emergency Readiness Team: US-CERT is a partnership between the Department of Homeland Security and the public and private sectors, intended to coordinate the response to security threats from the Internet. The site has a good collection of technical papers, and information and alerts on current security issues, vulnerabilities, and exploits.
National Council of ISACs: Central site for 20 information sharing and analysis centers. ISACs provide a central resource for gathering information on cyber threats to critical infrastructure and providing two-way sharing of information between the private and public sectors.

Chapter 16 - Local Environment Management

United Nations Office for Disaster Risk Reduction: Wide range of resources for planning for and dealing with natural disasters.
Natural Disaster Risk Management Series: A useful collection of publications on natural disaster risk management.