Table of Contents

  1. Chapter 1 Creating a Security Program

    1. Lay the Groundwork

    2. Establish Teams

    3. Baseline Security Posture

    4. Assess Threats and Risks

    5. Prioritize

    6. Create Milestones

    7. Use Cases, Tabletops, and Drills

    8. Expanding Your Team and Skillsets

    9. Conclusion

  2. Chapter 2 Asset Management and Documentation

    1. Information Classification

    2. Asset Management Implementation Steps

    3. Asset Management Guidelines

    4. Documentation

    5. Conclusion

  3. Chapter 3 Policies

    1. Language

    2. Document Contents

    3. Topics

    4. Storage and Communication

    5. Conclusion

  4. Chapter 4 Standards and Procedures

    1. Standards

    2. Language

    3. Procedures

    4. Language

    5. Document Contents

    6. Conclusion

  5. Chapter 5 User Education

    1. Broken Processes

    2. Bridging the Gap

    3. Building Your Own Program

    4. Gaining Meaningful Metrics

    5. Conclusion

  6. Chapter 6 Incident Response

    1. Processes

    2. Tools and Technology

    3. Conclusion

  7. Chapter 7 Disaster Recovery

    1. Setting Objectives

    2. Recovery Strategies

    3. Dependencies

    4. Scenarios

    5. Invoking a Fail Over...and Back

    6. Testing

    7. Security Considerations

    8. Conclusion

  8. Chapter 8 Industry Compliance Standards and Frameworks

    1. Industry Compliance Standards

    2. Frameworks

    3. Regulated Industries

    4. Conclusion

  9. Chapter 9 Physical Security

    1. Physical

    2. Operational

    3. Conclusion

  10. Chapter 10 Microsoft Windows Infrastructure

    1. Quick Wins

    2. Active Directory Domain Services

    3. Group Policy Objects

    4. EMET

    5. MS-SQL Server

    6. Conclusion

  11. Chapter 11 Unix Application Servers

    1. Keeping Up-to-Date

  12. Chapter 12 Endpoints

    1. Keeping Up-to-Date

    2. Hardening Endpoints

    3. Mobile Device Management

    4. Endpoint Visibility

    5. Centralization

    6. Conclusion

  13. Chapter 13 Password Management and Multifactor Authentication

    1. Basic Password Practices

    2. Password Management Software

    3. Password Resets

    4. Password Breaches

    5. Encryption, Hashing, and Salting

    6. Password Storage Locations and Methods

    7. Password Security Objects

    8. Multifactor Authentication

    9. Conclusion

  14. Chapter 14 Network Infrastructure

    1. Firmware/Software Patching

    2. Device Hardening

    3. Routers

    4. Switches

    5. Egress Filtering

    6. IPv6: A Cautionary Note

    7. TACACS+

    8. Conclusion

  15. Chapter 15 Segmentation

    1. Network Segmentation

    2. Application

    3. Roles and Responsibilities

    4. Conclusion

  16. Chapter 16 Vulnerability Management

    1. How Vulnerability Scanning Works

    2. Authenticated versus Unauthenticated Scans

    3. Vulnerability Assessment Tools

    4. Vulnerability Management Program

    5. Remediation Prioritization

    6. Risk Acceptance

    7. Conclusion

  17. Chapter 17 Development

    1. Language Selection

    2. Secure Coding Guidelines

    3. Testing

    4. System Development Lifecycle

    5. Conclusion

  18. Chapter 18 Purple Teaming

    1. Open Source Intelligence

  19. Chapter 19 IDS and IPS

    1. Types of IDS and IPS

    2. Cutting Out the Noise

    3. Writing Your Own Signatures

    4. NIDS and IPS Locations

    5. Encrypted Protocols

    6. Conclusion

  20. Chapter 20 Logging and Monitoring

    1. What to Log

    2. Where to Log

    3. Security Information and Event Management

    4. Designing the SIEM

    5. Log Analysis

    6. Logging and Alerting Examples

    7. Log Aggregation

    8. Use Case Analysis

    9. Conclusion

  21. Chapter 21 The Extra Mile

    1. Email Servers

    2. DNS Servers

    3. Security through Obscurity

    4. Useful Resources

  22. Appendix User Education Templates

    1. Live Phishing Education Slides

    2. Phishing Program Rules