Dietmar P. F. Möller: Cybersecurity for Network and Information Security, Gebunden

Klappentext

Introduction.- Chapter 1 Digitalization and Cybersecurity.- 1.1 Digitalization in Digital Transformation.- 1.2 Challenges in Digital Transformation.- 1.3 Cybersecurity.- 1.3.1 Cybersecurity Situational Awareness.- 1.3.2 Cybersecurity Risk Assessment.- 1.3.3 Cybersecurity Risk-Management.- 1.3.3.1 Cybersecurity Maturity Level Model.- 1.4 OT Security.- 1.5 CIA Triad.- 1.5.1 Linking CIA Triad Principles to NIST Incident Response Lifecycle.- 1.6 Cybersecurity is still Paramount.- 1.7 Exercises.- 1.8 References.- Chapter 2 Network and Information Security -- NIS2.- 2.1 Network and Information Security (NIS2).- 2.2 Chapter I General Provisions (Articles 1-6).- 2.3 Chapter II Coordinated Cybersecurity Frameworks (Articles 7-13).- 2.4 Chapter III Cooperation at EU and International Level (Articles 14-19).- 2.5 Chapter IV Cybersecurity Risk-Management Measures and Reporting Obligations (Articles 20-25).- 2.6 Chapter VI Jurisdiction and Registration (Articles 26-28).- 2.7 Chapter VI Information Sharing (Articles 29-30).- 2.8 Chapter VII Supervision and Enforcement (Articles 31-37).- 2.9 Chapter VIII Delegated and Implementation Acts (Articles 38-39).- 2.10 Chapter IX Final Provisions (Articles 40-42).- 2.11 Annexes.- 2.12 Exercises.- 2.13 References.- Chapter 3 Application Domain Cybersecurity Activities.- 3.1 Risk-Management and Effectiveness Assessment of Risk-Management Measures.- 3.1.1 Risk Identification and Documentation.- 3.1.2 Risk Quantification and Documentation.- 3.1.3 Risk Assessment and Documentation.- 3.1.4 Cybersecurity and Data Risk-Management Approach.- 3.1.5 Contingency Planning as part of Risk-Governance.- 3.2 Cybersecurity Frameworks and Criteria.- 3.2.1 NIST Cybersecurity Framework (NIST CSF).- 3.2.1.1 NIST CSF Core Functions.- 3.2.1.2 NIST CSF Profiles.- 3.2.1.3 NIST CSF Tiers.- 3.2.3 MITRE ATT & CK.- 3.2.3.1 MITRE ATT & CK Model.- 3.2.4 CIS Critical Security Controls.- 3.2.5 ISO/IEC 27 K.- 3.2.6 Difference between NIS CSF and ISO/IEC 27K.- 3.2.7 Maturity Models after ISO 9004: 2008 / 2015.- 3.3 Cybersecurity Maturity Model (CMM, CMMI): A Behavior and Process Model.- 3.3.1 Classification of Capability- and Maturity Models.- 3.4 Exercises.- 3.5 References.- Chapter 4 Application Domain Network and Information Security.- 4.1 Network and Information Security (NIS2).- 4.2 Compliance and Regulatory Pressure.- 4.3 Liability.- 4.4 NIS2 Article 21.2.- 4.4.1 Mandatory Cybersecurity Measures.- 4.4.2 Standards in Cybersecurity Risk-Management.- 4.5 Preparing for NIS2.- 4.6 Business Continuity Plan (BCP).- 4.6.1 BCP Component Risk and Impact Analysis.- 4.6.2 BCP Component Recovery Schedule.- 4.6.2.1 Recovery Point Objective (RPO).- 4.6.2.2 Recovery Time Objective (RTO).- 4.6.2.3 Maximum Tolerable Downtime (MtD).- 4.7 Emergency Communication Plan (ECOP).- 4.7.1 Important to do´s for ECOP -- A Cookbook.- 4.7.2 ECOP Topics BCM, RPO, RTO, MtD.- 4.7.3 Summarizing ECOP Action Needs.- 4.8 Exercises.- 4.9 References.- Chapter 5 EU Network and Information Security Directive (NIS2).- Conclustions.