فهرست مطالب

• Title Page
• Copyright
• Preface
• Acknowledgments
• Chapter 1. Understanding Cybersecurity Controls
• Definition and Importance
• Types of Controls
• Mowing the Lawn: An Allegory for Cybersecurity Controls
• The Lifecycle of a Control
• Leadership Insight: Guiding Teams in Understanding and Valuing Controls
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 2. The Risk‐Based Approach
• Identifying Cyber Risks
• Prioritizing Risks
• Developing a Risk Taxonomy
• Leadership Insight: Leading Risk Assessment and Prioritization Efforts
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 3. Small Business Implementation
• Unique Challenges and Solutions
• Cost‐Effective Strategies
• Leadership Insight: Leading Security Initiatives in Small Businesses
• AI Recommendations: Leveraging AI for Cybersecurity in Small Businesses
• Selecting the Right Managed Security Service Provider (MSSP) for Your Small Business
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 4. Medium‐Sized Enterprises
• Balancing Resources and Security
• Managing Limited IT and Security Budgets
• Cost‐Effective Security Solutions
• Maximizing Existing Resources
• Allocating Human Resources
• Outsourcing Cybersecurity Functions
• Collaborating Across Teams
• Maximizing Impact Through Strategic Planning
• Sizing Security Teams for Medium‐Sized Enterprises
• Leadership Insight: Managing Security Teams in Medium‐Sized Enterprises
• AI Recommendations: Leveraging AI for Education on Cybersecurity and Medium Enterprise Risks and Controls
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 5. Large Enterprises
• Advanced Control Strategies
• Collaborating Across the Organization to Design Controls
• Choosing the Right Cybersecurity Framework
• Prioritizing Controls in a Large Enterprise Setting
• Advanced Strategies for Large Organizations with Complex Environments
• Managing Complexity and Scale
• Leadership Insight: Leading Large‐Scale Security Operations
• AI Recommendations: GRC AI Uses for Large Enterprises
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 6. Introduction to MITRE ATT&CK & DEFEND
• What Is MITRE ATT&CK?
• What Is MITRE DEFEND?
• Benefits of Using ATT&CK and DEFEND Together
• Leadership Insight: Encouraging Adoption of MITRE ATT&CK and DEFEND Within Teams
• AI Recommendations: Learning MITRE ATT&CK and DEFEND
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 7. Mapping Threats to Controls Using MITRE ATT&CK
• Practical Guide to Threat Mapping
• Steps for Threat Mapping
• Tools for Effective Threat Mapping
• Mapping Specific Techniques to Controls
• Leadership Insight: Leading Threat‐Mapping Exercises
• Aligning Threat Mapping with Business Objectives
• Driving Continuous Improvement
• AI Recommendations: Leveraging AI for Threat Mapping and Analysis
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 8. Enhancing Defenses with MITRE DEFEND
• Integrating MITRE DEFEND into Organizational Defense Strategies
• Alignment with NIST Cybersecurity Framework (CSF)
• Alignment with ISO 27001: Establishing a Strong Information Security Management System (ISMS)
• Alignment with CIS Controls: Prioritizing Actions to Mitigate Common Threats
• Embedding MITRE DEFEND into Risk Management
• Tools and Techniques for Defensive Implementation
• Leadership Strategies for MITRE DEFEND Integration
• Enhancing Defense with AI and MITRE DEFEND
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 9. Cybersecurity Frameworks Overview
• Why Cybersecurity Frameworks Are Critical
• Leadership Insight: Choosing and Championing the Right Frameworks for Your Organization
• Integrating AI with Cybersecurity Frameworks
• Chapter Recommendations
• Comparison of Popular Cybersecurity Control Frameworks
• Chapter Conclusion
• Questions
• Chapter 10. NIST 800‐53
• Overview of NIST SP 800‐53
• Control Families
• Categorization of Information Systems (FIPS 199)
• Control Baselines
• Implementation Strategies
• Prioritizing Controls Based on Risk
• Tailoring Controls to the Organization
• Overcoming Challenges in Implementation
• NIST 800‐171—Controls for Non‐federal Entities
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 11. Center for Internet Security (CIS) 18 Controls
• Overview of CIS Controls
• In‐Depth Exploration of the 18 CIS Controls
• Leadership Insight: Driving the Application of CIS Controls
• Overcoming Resistance to Change
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 12. Agile Implementation of Controls and Control Frameworks
• Agile Implementation of Controls and Control Frameworks
• Leadership Insight: Leading Agile Cybersecurity Teams
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 13. Adaptive Control Testing & Continuous Improvement
• What Is Control Testing?
• Using Metrics to Monitor and Evaluate Controls
• Continuous Improvement and Adaptation
• Leveraging AI in Control Testing: Enhancing Efficiency and Accuracy
• Increased Testing Frequency Without Resource Drain
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 14. Testing Controls in Small and Medium Enterprises
• Streamlined Control Testing for Small Businesses
• Simplified Testing Methods for Medium‐Sized Enterprises
• Managed Security Service Providers (MSSPs) for Small Businesses
• MSSPs for Medium‐Sized Enterprises
• Third‐Party Testing for Small Businesses
• Advanced Testing for Medium‐Sized Enterprises
• Leadership Insight: Managing Control Testing in Small Businesses
• Leadership Insight: Managing Control Testing in Medium Enterprises
• Integration of AI into Small and Medium Enterprise Control Testing
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 15. Control Testing in Larger and Complex Enterprises
• Dealing with Organizational Complexity
• Tailoring Tests to Specific Environments
• Quantitative Testing Methods
• Qualitative Testing Methods
• Sampling Best Practices
• Control Testing Frequency
• Involvement of GRC Systems and Risk/Compliance Teams
• Outside Testing Options, Including Penetration Testing
• Leadership Insight: Managing Large‐Scale Control Testing Efforts
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 16. Control Failures: Identification, Management, and Reporting
• Defining Control Failures
• Handling Control Failures
• Reporting Control Failures
• Key vs. Non‐key Control Failures
• Inherited or Common Control Failures
• Reporting and Escalating Control Failures
• Impact of Control Failures on Metrics and KPIs
• Proactive Measures for Reducing Control Failures
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 17. Control Testing for Regulated Companies
• Navigating Legal Requirements
• Maintaining Awareness of Regulatory Changes
• Integrating Compliance with Security Strategy
• Technology Solutions for Managing Compliance
• Compliance Testing and Audits
• Leadership Insight: Leading Compliance Efforts
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Chapter 18. Emerging Threats and Technologies
• Adapting Controls to New Attack Vectors
• Control Flexibility and Scalability
• Enhancing Control Development Through Threat Intelligence
• Fostering Proactive Control Development
• AI‐Powered Control Development
• Chapter Recommendations
• Chapter Conclusion
• Questions
• Appendices
• Appendix A: Glossary of Terms
• Appendix B: Creating and Using a Cybersecurity Risk Register
• Appendix C: Creating and Using a Cybersecurity Risk Taxonomy
• Appendix D: SME Security Team Structures
• Appendix E: Developing Process Maps
• Appendix F: Establishing a Regulatory Change Management Program
• Appendix G: Recommended Metrics for MITRE ATT&CK Techniques
• Answers
• Index