Start-up secure baking cybersecurity into your company from founding to exit

"Cybersecurity is of huge concern from start-ups to established businesses. This title provides steps that start-ups can follow to protect their business from a cyberattack. The book will cover everything an entrepreneur and venture capitalist should know when building a secure company in today...


Bibliographic Details
Main Author: Castaldo, Chris
Format: eBook
Language: English
Published: Hoboken, New Jersey: John Wiley & Sons, Inc., 2021
Collection: O'Reilly - Collection details see MPG.ReNa
Table of Contents:
  • Foreword xv
  • Preface xvii
  • Acknowledgments xxi
  • About the Author xxv
  • Introduction 1
  • Part I Fundamentals
  • Chapter 1: Minimum Security Investment for Maximum Risk Reduction 7
  • Communicating Your Cybersecurity 9
  • Email Security 10
  • Secure Your Credentials 12
  • SAAS Can Be Secure 14
  • Patching 15
  • Antivirus is Still Necessary but Goes by a Different Name 18
  • Mobile Devices 18
  • Summary 20
  • Action Plan 20
  • Notes 21
  • Chapter 2: Cybersecurity Strategy and Roadmap Development 23
  • What Type of Business is This? 24
  • What Types of Customers Will We Sell To? 24
  • What Types of Information Will the Business Consume? 25
  • What Types of Information Will the Business Create? 25
  • Where Geographically Will Business Be Conducted? 26
  • Building the Roadmap 26
  • Opening Statement 26
  • Stakeholders 27
  • Tactics 27
  • Measurability 27
  • Case Study 28
  • Summary 30
  • Action Plan 30
  • Note 30
  • Chapter 3: Secure Your Credentials 31
  • Password Managers 32
  • Passphrase 33
  • Multi-Factor Authentication 35
  • Entitlements 37
  • Key Management 38
  • Case Study 39
  • Summary 41
  • Action Plan 42
  • Notes 42
  • Chapter 4: Endpoint Protection 43
  • Vendors 44
  • Selecting an EDR 45
  • Managed Detection and Response 46
  • Case Study 49
  • Summary 50
  • Action Plan 51
  • Notes 51
  • Chapter 5: Your Office Network 53
  • Your First Office Space 54
  • Co-Working Spaces 57
  • Virtual Private Network 58
  • Summary 60
  • Action Plan 60
  • Notes 60
  • Chapter 6: Your Product in the Cloud 63
  • Secure Your Cloud Provider Accounts 65
  • Protect Your Workloads 66
  • Patching 67
  • Endpoint Protection 68
  • Secure Your Containers 69
  • Summary 70
  • Action Plan 70
  • Notes 71
  • Chapter 7: Information Technology 73
  • Asset Management 74
  • Identity and Access Management 76
  • Summary 77
  • Action Plan 78
  • Part II Growing the Team
  • Chapter 8: Hiring, Outsourcing, or Hybrid 81
  • Catalysts to Hiring 82
  • Get the First Hire Right 83
  • Executive versus Individual Contributor 84
  • Recruiting 86
  • Job Descriptions 86
  • Interviewing 88
  • First 90 Days is a Myth 90
  • Summary 90
  • Action Plan 90
  • Note 91
  • Part III Maturation
  • Chapter 9: Compliance 95
  • Master Service Agreements, Terms and Conditions, Oh My 96
  • Patch and Vulnerability Management 97
  • Antivirus 98
  • Auditing 98
  • Incident Response 99
  • Policies and Controls 100
  • Change Management 100
  • Encryption 101
  • Data Loss Prevention 101
  • Data Processing Agreement 102
  • Summary 102
  • Action Plan 103
  • Note 103
  • Chapter 10: Industry and Government Standards and Regulations 105
  • Open Source 106
  • OWASP 106
  • Center for Internet Security 20 106
  • United States Public 106
  • SOC 106
  • Retail 109
  • PCI DSS 109
  • SOX 111
  • Energy, Oil, and Gas 111
  • NERC CIP 111
  • ISA-62443-3-3 (99.03.03)-2013 112
  • Federal Energy Regulatory Commission 112
  • Department of Energy Cybersecurity Framework 112
  • Health 113
  • HIPAA 113
  • HITECH 114
  • HITRUST 114
  • Financial 114
  • FFIEC 114
  • FINRA 115
  • NCUA 115
  • Education 115
  • FERPA 115
  • International 116
  • International Organization for Standardization (ISO) 116
  • UL 2900 117
  • GDPR 117
  • Privacy Shield 118
  • UK Cyber Essentials 118
  • United States Federal and State Government 118
  • NIST 119
  • NISPOM 120
  • DFARS PGI 120
  • FedRAMP 120
  • FISMA 122
  • NYCRR 500 122
  • CCPA 122
  • Summary 123
  • Action Plan 123
  • Notes 124
  • Chapter 11: Communicating Your Cybersecurity Posture and Maturity to Customers 127
  • Certifications and Audits 128
  • Questionnaires 129
  • Shared Assessments 129
  • Cloud Security Alliance 130
  • Vendor Security Alliance 130
  • Sharing Data with Your Customer 131
  • Case Study 133
  • Summary 135
  • Action Plan 136
  • Notes 136
  • Chapter 12: When the Breach Happens 137
  • Cyber Insurance 138
  • Incident Response Retainers 139
  • The Incident 140
  • Tabletop Exercises 141
  • Summary 142
  • Action Plan 142
  • Note 142
  • Chapter 13: Secure Development 143
  • Frameworks 144
  • BSIMM 144
  • OpenSAMM 145
  • CMMI 145
  • Microsoft SDL 147
  • Pre-Commit 147
  • Integrated Development Environment 148
  • Commit 148
  • Build 149
  • Penetration Testing 149
  • Summary 150
  • Action Plan 150
  • Notes 151
  • Chapter 14: Third-Party Risk 153
  • Terms and Conditions 154
  • Should I Review This Vendor? 154
  • What to Ask and Look For 155
  • Verify DMARC Settings 156
  • Check TLS Certificates 157
  • Check the Security Headers of the Website 157
  • Summary 158
  • Action Plan 158
  • Note 159
  • Chapter 15: Bringing It All Together 161
  • Glossary 167
  • Index 181