Start-Up Secure: Baking Cybersecurity Into Your Company from Founding to Exit (Hardcover)

· 제목 : Start-Up Secure: Baking Cybersecurity Into Your Company from Founding to Exit (Hardcover) 
· 분류 : 외국도서 > 경제경영 > 중소기업
· ISBN : 9781119700739
· 쪽수 : 160쪽
· 출판일 : 2021-05-11

Foreword xv

Preface xvii

Acknowledgments xxi

About the Author xxv

Introduction 1

Part I Fundamentals

Chapter 1: Minimum Security Investment for Maximum Risk Reduction 7

Communicating Your Cybersecurity 9

Email Security 10

Secure Your Credentials 12

SAAS Can Be Secure 14

Patching 15

Antivirus is Still Necessary but Goes by a Different Name 18

Mobile Devices 18

Summary 20

Action Plan 20

Notes 21

Chapter 2: Cybersecurity Strategy and Roadmap Development 23

What Type of Business is This? 24

What Types of Customers Will We Sell To? 24

What Types of Information Will the Business Consume? 25

What Types of Information Will the Business Create? 25

Where Geographically Will Business Be Conducted? 26

Building the Roadmap 26

Opening Statement 26

Stakeholders 27

Tactics 27

Measurability 27

Case Study 28

Summary 30

Action Plan 30

Note 30

Chapter 3: Secure Your Credentials 31

Password Managers 32

Passphrase 33

Multi-Factor Authentication 35

Entitlements 37

Key Management 38

Case Study 39

Summary 41

Action Plan 42

Notes 42

Chapter 4: Endpoint Protection 43

Vendors 44

Selecting an EDR 45

Managed Detection and Response 46

Case Study 49

Summary 50

Action Plan 51

Notes 51

Chapter 5: Your Office Network 53

Your First Office Space 54

Co-Working Spaces 57

Virtual Private Network 58

Summary 60

Action Plan 60

Notes 60

Chapter 6: Your Product in the Cloud 63

Secure Your Cloud Provider Accounts 65

Protect Your Workloads 66

Patching 67

Endpoint Protection 68

Secure Your Containers 69

Summary 70

Action Plan 70

Notes 71

Chapter 7: Information Technology 73

Asset Management 74

Identity and Access Management 76

Summary 77

Action Plan 78

Part II Growing the Team

Chapter 8: Hiring, Outsourcing, or Hybrid 81

Catalysts to Hiring 82

Get the First Hire Right 83

Executive versus Individual Contributor 84

Recruiting 86

Job Descriptions 86

Interviewing 88

First 90 Days is a Myth 90

Summary 90

Action Plan 90

Note 91

Part III Maturation

Chapter 9: Compliance 95

Master Service Agreements, Terms and Conditions, Oh My 96

Patch and Vulnerability Management 97

Antivirus 98

Auditing 98

Incident Response 99

Policies and Controls 100

Change Management 100

Encryption 101

Data Loss Prevention 101

Data Processing Agreement 102

Summary 102

Action Plan 103

Note 103

Chapter 10: Industry and Government Standards and Regulations 105

Open Source 106

OWASP 106

Center for Internet Security 20 106

United States Public 106

SOC 106

Retail 109

PCI DSS 109

SOX 111

Energy, Oil, and Gas 111

NERC CIP 111

ISA-62443-3-3 (99.03.03)-2013 112

Federal Energy Regulatory Commission 112

Department of Energy Cybersecurity Framework 112

Health 113

HIPAA 113

HITECH 114

HITRUST 114

Financial 114

FFIEC 114

FINRA 115

NCUA 115

Education 115

FERPA 115

International 116

International Organization for Standardization (ISO) 116

UL 2900 117

GDPR 117

Privacy Shield 118

UK Cyber Essentials 118

United States Federal and State Government 118

NIST 119

NISPOM 120

DFARS PGI 120

FedRAMP 120

FISMA 122

NYCRR 500 122

CCPA 122

Summary 123

Action Plan 123

Notes 124

Chapter 11: Communicating Your Cybersecurity Posture and Maturity to Customers 127

Certifications and Audits 128

Questionnaires 129

Shared Assessments 129

Cloud Security Alliance 130

Vendor Security Alliance 130

Sharing Data with Your Customer 131

Case Study 133

Summary 135

Action Plan 136

Notes 136

Chapter 12: When the Breach Happens 137

Cyber Insurance 138

Incident Response Retainers 139

The Incident 140

Tabletop Exercises 141

Summary 142

Action Plan 142

Note 142

Chapter 13: Secure Development 143

Frameworks 144

BSIMM 144

OpenSAMM 145

CMMI 145

Microsoft SDL 147

Pre-Commit 147

Integrated Development Environment 148

Commit 148

Build 149

Penetration Testing 149

Summary 150

Action Plan 150

Notes 151

Chapter 14: Third-Party Risk 153

Terms and Conditions 154

Should I Review This Vendor? 154

What to Ask and Look For 155

Verify DMARC Settings 156

Check TLS Certificates 157

Check the Security Headers of the Website 157

Summary 158

Action Plan 158

Note 159

Chapter 15: Bringing It All Together 161

Glossary 167

Index 181