Cybersecurity Threats, Malware Trends, and Strategies : Discover risk mitigation strategies for modern threats to your organization, 2/e (Paperback)

Implement effective cybersecurity strategies to help you and your security team protect, detect, and respond to modern-day threats

Key Features

- Protect your organization from cybersecurity threats with field-tested strategies
- Understand threats such as exploits, malware, internet-based threats, and governments
- Measure the effectiveness of your organization's current cybersecurity program against modern attackers' tactics

Book Description

Tim Rains is Microsoft's former Global Chief Security Advisor and Amazon Web Services' former Global Security Leader for Worldwide Public Sector. He has spent the last two decades advising private and public sector organizations all over the world on cybersecurity strategies.

Cybersecurity Threats, Malware Trends, and Strategies, Second Edition builds upon the success of the first edition that has helped so many aspiring CISOs, and cybersecurity professionals understand and develop effective data-driven cybersecurity strategies for their organizations. In this edition, you'll examine long-term trends in vulnerability disclosures and exploitation, regional differences in malware infections and the socio-economic factors that underpin them, and how ransomware evolved from an obscure threat to the most feared threat in cybersecurity. You'll also gain valuable insights into the roles that governments play in cybersecurity, including their role as threat actors, and how to mitigate government access to data. The book concludes with a deep dive into modern approaches to cybersecurity using the cloud.

By the end of this book, you will have a better understanding of the threat landscape, how to recognize good Cyber Threat Intelligence, and how to measure the effectiveness of your organization's cybersecurity strategy.

What you will learn

- Discover enterprise cybersecurity strategies and the ingredients critical to their success
- Improve vulnerability management by reducing risks and costs for your organization
- Mitigate internet-based threats such as drive-by download attacks and malware distribution sites
- Learn the roles that governments play in cybersecurity and how to mitigate government access to data
- Weigh the pros and cons of popular cybersecurity strategies such as Zero Trust, the Intrusion Kill Chain, and others
- Implement and then measure the outcome of a cybersecurity strategy
- Discover how the cloud can provide better security and compliance capabilities than on-premises IT environments

Who this book is for

This book is for anyone who is looking to implement or improve their organization's cybersecurity strategy. This includes Chief Information Security Officers (CISOs), Chief Security Officers (CSOs), compliance and audit professionals, security architects, and cybersecurity professionals. Basic knowledge of Information Technology (IT), software development principles, and cybersecurity concepts is assumed.

實施有效的網絡安全策略，以幫助您和您的安全團隊保護、檢測和應對現代威脅。

主要特點：

- 使用經過實踐驗證的策略保護您的組織免受網絡安全威脅
- 了解威脅，如利用漏洞、惡意軟件、基於互聯網的威脅和政府威脅
- 測量您的組織當前網絡安全計劃對抗現代攻擊者策略的有效性

書籍描述：

Tim Rains 是微軟前全球首席安全顧問，亞馬遜網絡服務前全球公共部門安全負責人。在過去的二十年中，他一直在世界各地為私營和公共部門組織提供網絡安全策略建議。

《網絡安全威脅、惡意軟件趨勢和策略》第二版在第一版的成功基礎上，幫助許多有抱負的CISO和網絡安全專業人員了解和制定有效的數據驅動網絡安全策略。在本版中，您將研究漏洞披露和利用的長期趨勢，惡意軟件感染的地區差異以及支撐它們的社會經濟因素，以及勒索軟件如何從默默無聞的威脅演變為網絡安全領域中最令人擔憂的威脅。您還將獲得有關政府在網絡安全中扮演的角色，包括其作為威脅行為者的角色，以及如何減輕政府對數據的訪問。本書最後深入探討了使用雲端的現代網絡安全方法。

通過閱讀本書，您將更好地了解威脅環境，如何識別良好的網絡威脅情報，以及如何衡量您的組織的網絡安全策略的有效性。

學到的內容：

- 探索企業網絡安全策略及其成功的關鍵要素
- 通過降低風險和成本來改善漏洞管理
- 減輕基於互聯網的威脅，如隨意下載攻擊和惡意軟件分發站點
- 了解政府在網絡安全中的角色，以及如何減輕政府對數據的訪問
- 權衡流行的網絡安全策略的利弊，如零信任、入侵殺鏈等
- 實施並衡量網絡安全策略的成果
- 發現雲端相對於本地IT環境提供更好的安全性和合規性能力

本書適合尋求實施或改進其組織網絡安全策略的任何人，包括首席信息安全官（CISO）、首席安全官（CSO）、合規和審計專業人員、安全架構師和網絡安全專業人員。假設讀者具備基本的信息技術（IT）、軟件開發原則和網絡安全概念知識。

1. Introduction
2. What to Know About Threat Intelligence
3. Using Vulnerability Trends to Reduce Risk and Costs
4. The Evolution of Malware
5. Internet-Based Threats
6. The Roles Governments Play in Cybersecurity
7. Government access to data
8. Ingredients for a Successful Cybersecurity Strategy
9. Cybersecurity Strategies
10. Strategy Implementation
11. Measuring Performance and Effectiveness
12. Modern Approaches to Security and Compliance

1. 簡介
2. 關於威脅情報的重要事項
3. 利用漏洞趨勢降低風險和成本
4. 惡意軟體的演變
5. 基於網際網路的威脅
6. 政府在網路安全中的角色
7. 政府對資料的存取
8. 成功的網路安全策略要素
9. 網路安全策略
10. 策略實施
11. 衡量績效和效果
12. 現代化的安全與合規方法