
Cybersecurity Control Playbook: From Fundamentals to Advanced Strategies [Hardcover]

(Birkbeck, University of London, UK)
  • Format: Hardback, 544 pages, height x width x thickness: 254x185x33 mm, weight: 930 g
  • Publication date: 01-May-2025
  • Publisher: John Wiley & Sons Inc
  • ISBN-10: 1394331851
  • ISBN-13: 9781394331857
"This book is an essential resource for anyone looking to protect their organization in the digital age; whether running a small business, managing a medium-sized company, or leading a large corporation, this book contains strategies that will fit all needs. Written in a highly accessible, jargon-free style, the highly experienced author shares his advice for effective cybersecurity controls which are crucial for protecting sensitive data, maintaining system integrity, and ensuring privacy. They help prevent data breaches, reduce financial risks, and build trust. Additionally, they are vital for meeting regulatory requirements in various industries. As technology advances, these controls will become increasingly important in securing our digital world. Each chapter provides clear explanations of foundational concepts before delving into more advanced topics, ensuring that readers understand the basics. Additionally, the book includes appendices and links to online resources for those who need to brush up on specific skills. By incorporating these supportive elements, the book ensures that all readers can fully grasp and apply the cybersecurity strategies discussed regardless of their starting point"-- Provided by publisher.

Implement effective cybersecurity measures for all organizations

Cybersecurity is one of the central concerns of our digital age. In an increasingly connected world, protecting sensitive data, maintaining system integrity, and ensuring privacy have never been more important. The Cybersecurity Control Playbook offers a step-by-step guide for implementing cybersecurity controls that will protect businesses and prepare them to compete in an overwhelmingly networked landscape. With balanced coverage of both foundational and advanced topics, and concrete examples throughout, this is a must-own resource for professionals looking to keep their businesses safe and secure.

Readers will also find:

  • Clear, jargon-free language that makes it accessible to a wide range of readers
  • An introduction to developing, deploying, monitoring, testing, and retiring controls and control frameworks across large, medium, and small enterprises
  • A system for identifying, prioritizing, and managing cyber risks based on the MITRE ATT&CK framework, with additional coverage of other key cybersecurity frameworks

The Cybersecurity Control Playbook is ideal for cybersecurity practitioners, IT professionals, and security managers who are responsible for implementing and managing cybersecurity strategies in their organizations.

Preface

Acknowledgments

1 Understanding Cybersecurity Controls

2 The Risk-Based Approach

3 Small Business Implementation

4 Medium-Sized Enterprises

5 Large Enterprises

6 Introduction to MITRE ATT&CK & DEFEND

7 Mapping Threats to Controls Using MITRE ATT&CK

8 Enhancing Defenses with MITRE DEFEND

9 Cybersecurity Frameworks Overview

10 NIST 800-53

11 Center for Internet Security (CIS) 18 Controls

12 Agile Implementation of Controls and Control Frameworks

13 Adaptive Control Testing & Continuous Improvement

14 Testing Controls in Small and Medium Enterprises

15 Control Testing in Larger and Complex Enterprises

16 Control Failures: Identification, Management, and Reporting

17 Control Testing for Regulated Companies

18 Emerging Threats and Technologies

Appendix A Glossary of Terms

Appendix B Creating and Using a Cybersecurity Risk Register

Appendix C Creating and Using a Cybersecurity Risk Taxonomy

Appendix D SME Security Team Structures

Appendix E Developing Process Maps

Appendix F Establishing a Regulatory Change Management Program

Appendix G Recommended Metrics for MITRE ATT&CK Techniques

Answers

Index
Jason Edwards, DM, CISSP, is an accomplished cybersecurity leader with extensive experience in the technology, finance, insurance, and energy sectors. Holding a Doctorate in Management, Information Systems, and Technology, Jason specializes in guiding large public and private companies through complex cybersecurity challenges. His career includes leadership roles across the military, insurance, finance, energy, and technology industries. He is a husband, father, former military cyber officer, adjunct professor, avid reader, dog dad, and popular on LinkedIn.