
Effective Cybersecurity

A Guide to Using Best Practices and Standards
ISBN-13: 9780134772967
Published: 2018
Binding: Electronic book text
Pages: 650
Author: William Stallings
eBook type: PDF
eBook format: EPUB
Copy protection: 1 - PDF Watermark
Language: English

Description:

The Practical, Comprehensive Guide to Applying Cybersecurity Best Practices and Standards in Real Environments

In Effective Cybersecurity, William Stallings introduces the technology, operational procedures, and management practices needed for successful cybersecurity. Stallings makes extensive use of standards and best practices documents that are often used to guide or mandate cybersecurity implementation. Going beyond these, he offers in-depth tutorials on the "how" of implementation, integrated into a unified framework and realistic plan of action. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies.

Stallings offers many pedagogical features designed to help readers master the material: clear learning objectives, keyword lists, review questions, and QR codes linking to relevant standards documents and web resources.

Effective Cybersecurity aligns with the comprehensive Information Security Forum document "The Standard of Good Practice for Information Security," extending ISF's work with extensive insights from ISO, NIST, COBIT, other official standards and guidelines, and modern professional, academic, and industry literature.

- Understand the cybersecurity discipline and the role of standards and best practices
- Define security governance, assess risks, and manage strategy and tactics
- Safeguard information and privacy, and ensure GDPR compliance
- Harden systems across the system development life cycle (SDLC)
- Protect servers, virtualized systems, and storage
- Secure networks and electronic communications, from email to VoIP
- Apply the most appropriate methods for user authentication
- Mitigate security risks in supply chains and cloud environments

This knowledge is indispensable to every cybersecurity professional. Stallings presents it systematically and coherently, making it practical and actionable.
Table of Contents:

Preface xxvii

Chapter 1: Best Practices, Standards, and a Plan of Action 2
  1.1 Defining Cyberspace and Cybersecurity 3
  1.2 The Value of Standards and Best Practices Documents 6
  1.3 The Standard of Good Practice for Information Security 7
  1.4 The ISO/IEC 27000 Suite of Information Security Standards 12
    ISO 27001 15
    ISO 27002 17
  1.5 Mapping the ISO 27000 Series to the ISF SGP 18
  1.6 NIST Cybersecurity Framework and Security Documents 21
    NIST Cybersecurity Framework 22
    NIST Security Documents 25
  1.7 The CIS Critical Security Controls for Effective Cyber Defense 27
  1.8 COBIT 5 for Information Security 29
  1.9 Payment Card Industry Data Security Standard (PCI DSS) 30
  1.10 ITU-T Security Documents 32
  1.11 Effective Cybersecurity 34
    The Cybersecurity Management Process 34
    Using Best Practices and Standards Documents 36
  1.12 Key Terms and Review Questions 38
    Key Terms 38
    Review Questions 38
  1.13 References 39

PART I: PLANNING FOR CYBERSECURITY 41

Chapter 2: Security Governance 42
  2.1 Security Governance and Security Management 43
  2.2 Security Governance Principles and Desired Outcomes 45
    Principles 45
    Desired Outcomes 46
  2.3 Security Governance Components 47
    Strategic Planning 47
    Organizational Structure 51
    Roles and Responsibilities 55
    Integration with Enterprise Architecture 58
    Policies and Guidance 63
  2.4 Security Governance Approach 63
    Security Governance Framework 63
    Security Direction 64
    Responsible, Accountable, Consulted, and Informed (RACI) Charts 66
  2.5 Security Governance Evaluation 68
  2.6 Security Governance Best Practices 69
  2.7 Key Terms and Review Questions 70
    Key Terms 70
    Review Questions 71
  2.8 References 71

Chapter 3: Information Risk Assessment 74
  3.1 Risk Assessment Concepts 75
    Risk Assessment Challenges 78
    Risk Management 80
    Structure of This 84
  3.2 Asset Identification 85
    Hardware Assets 85
    Software Assets 85
    Information Assets 86
    Business Assets 87
    Asset Register 87
  3.3 Threat Identification 89
    The STRIDE Threat Model 89
    Threat Types 90
    Sources of Information 92
  3.4 Control Identification 98
  3.5 Vulnerability Identification 102
    Vulnerability Categories 103
    National Vulnerability Database and Common Vulnerability Scoring System 103
  3.6 Risk Assessment Approaches 107
    Quantitative Versus Qualitative Risk Assessment 107
    Simple Risk Analysis Worksheet 113
    Factor Analysis of Information Risk 114
  3.7 Likelihood Assessment 116
    Estimating Threat Event Frequency 118
    Estimating Vulnerability 119
    Loss Event Frequency 121
  3.8 Impact Assessment 122
    Estimating the Primary Loss 124
    Estimating the Secondary Loss 125
    Business Impact Reference Table 126
  3.9 Risk Determination 128
  3.10 Risk Evaluation 128
  3.11 Risk Treatment 129
    Risk Reduction 130
    Risk Retention 130
    Risk Avoidance 130
    Risk Transfer 131
  3.12 Risk Assessment Best Practices 131
  3.13 Key Terms and Review Questions 132
    Key Terms 132
    Review Questions 133
  3.14 References 134

Chapter 4: Security Management 136
  4.1 The Security Management Function 137
    Security Planning 140
    Capital Planning 142
  4.2 Security Policy 145
    Security Policy Categories 146
    Security Policy Document Content 147
    Management Guidelines for Security Policies 151
    Monitoring the Policy 151
  4.3 Acceptable Use Policy 152
  4.4 Security Management Best Practices 154
  4.5 Key Terms and Review Questions 154
    Key Terms 154
    Review Questions 155
  4.6 References 155

PART II: MANAGING THE CYBERSECURITY FUNCTION 157

Chapter 5: People Management 160
  5.1 Human Resource Security 161
    Security in the Hiring Process 162
    During Employment 164
    Termination of Employment 165
  5.2 Security Awareness and Education 166
    Security Awareness 168
    Cybersecurity Essentials Program 173
    Role-Based Training 173
    Education and Certification 174
  5.3 People Management Best Practices 175
  5.4 Key Terms and Review Questions 176
    Key Terms 176
    Review Questions 176
  5.5 References 177

Chapter 6: Information Management 178
  6.1 Information Classification and Handling 179
    Information Classification 179
    Information Labeling 185
    Information Handling 186
  6.2 Privacy 186
    Privacy Threats 189
    Privacy Principles and Policies 191
    Privacy Controls 196
  6.3 Document and Records Management 198
    Document Management 200
    Records Management 202
  6.4 Sensitive Physical Information 204
  6.5 Information Management Best Practices 205
  6.6 Key Terms and Review Questions 206
    Key Terms 206
    Review Questions 207
  6.7 References 208

Chapter 7: Physical Asset Management 210
  7.1 Hardware Life Cycle Management 211
    Planning 213
    Acquisition 214
    Deployment 214
    Management 215
    Disposition 216
  7.2 Office Equipment 217
    Threats and Vulnerabilities 217
    Security Controls 219
    Equipment Disposal 222
  7.3 Industrial Control Systems 223
    Differences Between IT Systems and Industrial Control Systems 225
    ICS Security 227
  7.4 Mobile Device Security 231
    Mobile Device Technology 233
    Mobile Ecosystem 234
    Vulnerabilities 236
    Mobile Device Security Strategy 238
    Resources for Mobile Device Security 243
  7.5 Physical Asset Management Best Practices 244
  7.6 Key Terms and Review Questions 245
    Key Terms 245
    Review Questions 245
  7.7 References 246

Chapter 8: System Development 248
  8.1 System Development Life Cycle 248
    NIST SDLC Model 249
    The SGP's SDLC Model 252
    DevOps 254
  8.2 Incorporating Security into the SDLC 259
    Initiation Phase 260
    Development/Acquisition Phase 264
    Implementation/Assessment Phase 266
    Operations and Maintenance Phase 270
    Disposal Phase 272
  8.3 System Development Management 273
    System Development Methodology 274
    System Development Environments 275
    Quality Assurance 277
  8.4 System Development Best Practices 278
  8.5 Key Terms and Review Questions 278
    Key Terms 278
    Review Questions 279
  8.6 References 279

Chapter 9: Business Application Management 280
  9.1 Application Management Concepts 281
    Application Life Cycle Management 281
    Application Portfolio Management 283
    Application Performance Management 285
  9.2 Corporate Business Application Security 287
    Business Application Register 287
    Business Application Protection 288
    Browser-Based Application Protection 289
  9.3 End User-Developed Applications (EUDAs) 295
    Benefits of EUDAs 296
    Risks of EUDAs 296
    EUDA Security Framework 297
  9.4 Business Application Management Best Practices 300
  9.5 Key Terms and Review Questions 301
    Key Terms 301
    Review Questions 302
  9.6 References 302

Chapter 10: System Access 304
  10.1 System Access Concepts 304
    Authorization 306
  10.2 User Authentication 307
    A Model for Electronic User Authentication 307
    Means of Authentication 310
    Multifactor Authentication 311
  10.3 Password-Based Authentication 312
    The Vulnerability of Passwords 313
    The Use of Hashed Passwords 315
    Password Cracking of User-Chosen Passwords 317
    Password File Access Control 319
    Password Selection 320
  10.4 Possession-Based Authentication 322
    Memory Cards 322
    Smart Cards 323
    Electronic Identity Cards 325
    One-Time Password Device 328
    Threats to Possession-Based Authentication 329
    Security Controls for Possession-Based Authentication 330
  10.5 Biometric Authentication 330
    Criteria for Biometric Characteristics 331
    Physical Characteristics Used in Biometric Applications 332
    Operation of a Biometric Authentication System 333
    Biometric Accuracy 335
    Threats to Biometric Authentication 337
    Security Controls for Biometric Authentication 339
  10.6 Risk Assessment for User Authentication 341
    Authenticator Assurance Levels 341
    Selecting an AAL 342
    Choosing an Authentication Method 345
  10.7 Access Control 347
    Subjects, Objects, and Access Rights 348
    Access Control Policies 349
    Discretionary Access Control 350
    Role-Based Access Control 351
    Attribute-Based Access Control 353
    Access Control Metrics 358
  10.8 Customer Access 360
    Customer Access Arrangements 360
    Customer Contracts 361
    Customer Connections 361
    Protecting Customer Data 361
  10.9 System Access Best Practices 362
  10.10 Key Terms and Review Questions 363
    Key Terms 363
    Review Questions 363
  10.11 References 364

Chapter 11: System Management 366
  11.1 Server Configuration 368
    Threats to Servers 368
    Requirements for Server Security 368
  11.2 Virtual Servers 370
    Virtualization Alternatives 371
    Virtualization Security Issues 374
    Securing Virtualization Systems 376
  11.3 Network Storage Systems 377
  11.4 Service Level Agreements 379
    Network Providers 379
    Computer Security Incident Response Team 381
    Cloud Service Providers 382
  11.5 Performance and Capacity Management 383
  11.6 Backup 384
  11.7 Change Management 386
  11.8 System Management Best Practices 389
  11.9 Key Terms and Review Questions 390
    Key Terms 390
    Review Questions 390
  11.10 References 391

Chapter 12: Networks and Communications 392
  12.1 Network Management Concepts 393
    Network Management Functions 393
    Network Management Systems 399
    Network Management Architecture 402
  12.2 Firewalls 404
    Firewall Characteristics 404
    Types of Firewalls 406
    Next-Generation Firewalls 414
    DMZ Networks 414
    The Modern IT Perimeter 416
  12.3 Virtual Private Networks and IP Security 417
    Virtual Private Networks 417
    IPsec 418
    Firewall-Based VPNs 420
  12.4 Security Considerations for Network Management 421
    Network Device Configuration 421
    Physical Network Management 423
    Wireless Access 426
    External Network Connections 427
    Firewalls 428
    Remote Maintenance 429
  12.5 Electronic Communications 430
    Email 430
    Instant Messaging 436
    Voice over IP (VoIP) Networks 438
    Telephony and Conferencing 444
  12.6 Networks and Communications Best Practices 444
  12.7 Key Terms and Review Questions 445
    Key Terms 445
    Review Questions 445
  12.8 References 446

Chapter 13: Supply Chain Management and Cloud Security 448
  13.1 Supply Chain Management Concepts 449
    The Supply Chain 449
    Supply Chain Management 451
  13.2 Supply Chain Risk Management 453
    Supply Chain Threats 456
    Supply Chain Vulnerabilities 459
    Supply Chain Security Controls 460
    SCRM Best Practices 463
  13.3 Cloud Computing 466
    Cloud Computing Elements 466
    Cloud Computing Reference Architecture 470
  13.4 Cloud Security 473
    Security Considerations for Cloud Computing 473
    Threats for Cloud Service Users 474
    Risk Evaluation 475
    Best Practices 476
    Cloud Service Agreement 477
  13.5 Supply Chain Best Practices 478
  13.6 Key Terms and Review Questions 479
    Key Terms 479
    Review Questions 479
  13.7 References 480

Chapter 14: Technical Security Management 482
  14.1 Security Architecture 483
  14.2 Malware Protection Activities 487
    Types of Malware 487
    The Nature of the Malware Threat 490
    Practical Malware Protection 490
  14.3 Malware Protection Software 494
    Capabilities of Malware Protection Software 494
    Managing Malware Protection Software 495
  14.4 Identity and Access Management 496
    IAM Architecture 497
    Federated Identity Management 498
    IAM Planning 500
    IAM Best Practices 501
  14.5 Intrusion Detection 502
    Basic Principles 503
    Approaches to Intrusion Detection 504
    Host-Based Intrusion Detection Techniques 505
    Network-Based Intrusion Detection Systems 506
    IDS Best Practices 508
  14.6 Data Loss Prevention 509
    Data Classification and Identification 509
    Data States 510
  14.7 Digital Rights Management 512
    DRM Structure and Components 513
    DRM Best Practices 515
  14.8 Cryptographic Solutions 517
    Uses of Cryptography 517
    Cryptographic Algorithms 518
    Selection of Cryptographic Algorithms and Lengths 525
    Cryptography Implementation Considerations 526
  14.9 Cryptographic Key Management 528
    Key Types 530
    Cryptoperiod 532
    Key Life Cycle 534
  14.10 Public Key Infrastructure 536
    Public Key Certificates 536
    PKI Architecture 538
    Management Issues 540
  14.11 Technical Security Management Best Practices 541
  14.12 Key Terms and Review Questions 543
    Key Terms 543
    Review Questions 543
  14.13 References 544

Chapter 15: Threat and Incident Management 546
  15.1 Technical Vulnerability Management 547
    Plan Vulnerability Management 547
    Discover Known Vulnerabilities 548
    Scan for Vulnerabilities 549
    Log and Report 551
    Remediate Vulnerabilities 551
  15.2 Security Event Logging 554
    Security Event Logging Objective 556
    Potential Security Log Sources 556
    What to Log 557
    Protection of Log Data 557
    Log Management Policy 558
  15.3 Security Event Management 559
    SEM Functions 560
    SEM Best Practices 561
  15.4 Threat Intelligence 563
    Threat Taxonomy 564
    The Importance of Threat Intelligence 566
    Gathering Threat Intelligence 568
    Threat Analysis 569
  15.5 Cyber Attack Protection 570
    Cyber Attack Kill Chain 570
    Protection and Response Measures 573
    Non-Malware Attacks 576
  15.6 Security Incident Management Framework 577
    Objectives of Incident Management 579
    Relationship to Information Security Management System 579
    Incident Management Policy 580
    Roles and Responsibilities 581
    Incident Management Information 583
    Incident Management Tools 583
  15.7 Security Incident Management Process 584
    Preparing for Incident Response 585
    Detection and Analysis 586
    Containment, Eradication, and Recovery 587
    Post-Incident Activity 588
  15.8 Emergency Fixes 590
  15.9 Forensic Investigations 592
    Prepare 593
    Identify 594
    Collect 594
    Preserve 595
    Analyze 595
    Report 596
  15.10 Threat and Incident Management Best Practices 597
  15.11 Key Terms and Review Questions 598
    Key Terms 598
    Review Questions 599
  15.12 References 599

Chapter 16: Local Environment Management 602
  16.1 Local Environment Security 602
    Local Environment Profile 603
    Local Security Coordination 604
  16.2 Physical Security 606
    Physical Security Threats 606
    Physical Security Officer 609
    Defense in Depth 610
    Physical Security: Prevention and Mitigation Measures 612
    Physical Security Controls 615
  16.3 Local Environment Management Best Practices 619
  16.4 Key Terms and Review Questions 620
    Key Terms 620
    Review Questions 620
  16.5 References 621

Chapter 17: Business Continuity 622
  17.1 Business Continuity Concepts 625
    Threats 626
    Business Continuity in Operation 628
    Business Continuity Objectives 629
    Essential Components for Maintaining Business Continuity 630
  17.2 Business Continuity Program 630
    Governance 631
    Business Impact Analysis 631
    Risk Assessment 632
    Business Continuity Strategy 634
  17.3 Business Continuity Readiness 637
    Awareness 637
    Training 638
    Resilience 639
    Control Selection 640
    Business Continuity Plan 642
    Exercising and Testing 647
    Performance Evaluation 650
  17.4 Business Continuity Operations 655
    Emergency Response 655
    Crisis Management 656
    Business Recovery/Restoration 657
  17.5 Business Continuity Best Practices 660
  17.6 Key Terms and Review Questions 661
    Key Terms 661
    Review Questions 661
  17.7 References 662

PART III: SECURITY ASSESSMENT 665

Chapter 18: Security Monitoring and Improvement 666
  18.1 Security Audit 666
    Security Audit and Alarms Model 667
    Data to Collect for Auditing 668
    Internal and External Audit 672
    Security Audit Controls 673
  18.2 Security Performance 678
    Security Performance Measurement 678
    Security Monitoring and Reporting 686
    Information Risk Reporting 688
    Information Security Compliance Monitoring 690
  18.3 Security Monitoring and Improvement Best Practices 691
  18.4 Key Terms and Review Questions 692
    Key Terms 692
    Review Questions 692
  18.5 References 693

Appendix A: References and Standards 694
Appendix B: Glossary 708
Index 726
Appendix C: Answers to Review Questions (Online Only)
