Defensive Security Handbook: Best Practices for Securing Infrastructure

Price: $26.49
(as of Mar 18, 2024 17:46:39 UTC – Details)

Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost.

Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system administrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks.

Learn fundamentals of starting or redesigning an InfoSec program Create a base set of policies, standards, and procedures Plan and design incident response, disaster recovery, compliance, and physical security Bolster Microsoft and Unix systems, network infrastructure, and password management Use segmentation practices and designs to compartmentalize your network Explore automated process and tools for vulnerability management Securely develop code to reduce exploitable errors Understand basic penetration testing concepts through purple teaming Delve into IDS, IPS, SOC, logging, and monitoring

From the Publisher

From the Preface

Our Goal

Our goal is to not only make this a standard that can be applied to most enterprise networks, but also be a little entertaining to read along the way. There are already deep-dive standards out there from a variety of government and private organizations that can drone on and on about the validity of one security measure or the next. We want this to be an informative dialog backed by real-life experiences in the industry. There will be good policy, best practices, code snippets, screenshots, walkthroughs, and snark all mixed in together. We want to reach out to the masses—the net admins who can’t get approval to hire help; directors who want to know they aren’t the only ones fighting the battles that we see day in and day out; and the people who are getting their hands dirty in the trenches and aren’t even close to being ready to start down the path of reading whitepapers and RFCs.

Who This Book Is For

This book is designed to serve as a Security 101 handbook that is applicable to as many environments as possible, in order to drive maximum improvement in your security posture for the minimum financial spend. Types of positions that will be able to take away knowledge and actionable data from this include upper-level CIOs, directors, security analysts, systems administrators, and other technological roles.

Navigating the Book

We have deliberately written this so that you do not have to adopt an all-or-nothing approach. Each of the chapters can serve as a standalone body of knowledge for a particular area of interest, meaning that you can pick and choose which subjects work for you and your organization, and ignore any that you feel may not apply. The aim is not to achieve compliance with a particular framework or compliance regime, but to improve on the current situation in sensible, pragmatic, manageable chunks.

We have purposefully ordered this book to begin with the fundamentals of starting or redesigning an information security program. It will take you from the skeleton steps of program creation on a wild rollercoaster ride into the depths of more technical topics.

ASIN ‏ : ‎ 1491960388
Publisher ‏ : ‎ O’Reilly Media; 1st edition (May 16, 2017)
Language ‏ : ‎ English
Paperback ‏ : ‎ 282 pages
ISBN-10 ‏ : ‎ 9781491960387
ISBN-13 ‏ : ‎ 978-1491960387
Item Weight ‏ : ‎ 1.09 pounds
Dimensions ‏ : ‎ 6.9 x 0.5 x 9 inches