Preface.-

Introduction.-

Part I: The Cybersecurity Challenge.-

Chapter 1: Defining the Cybersecurity Challenge.-

Chapter 2: Meeting the Cybersecurity Challenge.-

Part II: A New Enterprise Cybersecurity Architecture.-

Chapter 3: Enterprise Cybersecurity Architecture.-

Chapter 4: Implementing Enterprise Cybersecurity.-

Chapter 5: Operating Enterprise Cybersecurity.-

Chapter 6: Enterprise Cybersecurity and the Cloud.-

Chapter 7: Enterprise Cybersecurity for Mobile and BYOD.-

Part III: The Art of Cyber Defense.-

Chapter 8: Building an Effective Defense.-

Chapter 9: Responding to Incidents.-

Chapter 10: Managing a Cybersecurity Crisis.-

Part IV: Enterprise Cyber Defense Assessment.-

Chapter 11: Assessing Enterprise Cybersecurity.-

Chapter 12: Measuring a Cybersecurity Program.-

Chapter 13: Mapping Against Cybersecurity Frameworks.-

Part V: Enterprise Cybersecurity Program.-

Chapter 14: Managing an Enterprise Cybersecurity Program.-

Chapter 15: Looking to the Future.-

Part VI: Appendices.-

Appendix A: Sample Cybersecurity Policy.-

Appendix B: Cybersecurity Operational Processes.-

Appendix C: Object Measurement.-

Appendix D: Cybersecurity Sample Assessment.-

Scott Donaldson has professional experience in the defense, federal government, commercial, and university marketplaces. His expertise includes multi-hundred-million-dollar program management, systems development, information technology, business operations, business development, and technology cultural change. He has served in a wide variety of leadership roles, including Chief Technology Officer (CTO), IT Director, Chief Systems Engineer (CSE), Program Manager, Line Manager, and Business Development Capture Manager. Scott has co-authored three software engineering books: Successful Software Development: Making It Happen, 2nd Edition; Successful Software Development: Study Guide; and Cultivating Successful Software Development: A Practitioner’s View. Scott also co-authored CTOs at Work (Apress) and Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress).

Dr. Stanley Siegel has progressive professional experience as a systems engineer, mathematician, and computer specialist. He started his career with the US Government in the Department of Commerce and then the Department of Defense. After his government service, he was with Grumman for 15 years and Science Applications International Corporation (SAIC) for over 20 years. He helped SAIC grow to an $11 billion leader in scientific, engineering, and technical solutions with hundreds of millions of dollars in new business. Dr. Siegel has co-authored four software engineering books, including the seminal software engineering textbook Software Configuration Management: An Investment in Product Integrity. He has contributed to a number of books, including the Encyclopedia of Software Engineering, Software Project Management Success Factors (Reducing the Likelihood of Software Failures); and the Handbook of Software Quality Assurance, Software Configuration Management—A Practical Look, 3rd Edition.

Chris Williams has been involved in the cybersecurity field since 1994 in a combination of US military and commercial positions. He has been with Leidos (formerly SAIC) since 2003 focusing on enterprise cybersecurity and compliance, and before that EDS (now HP) and Booz Allen Hamilton. He is a veteran of the US Army, having served five years with the 82nd Airborne Division and 35th Signal Brigade. He has worked on cybersecurity projects with the US Army, Defense Information Systems Agency, Department of State, Defense Intelligence Agency, and numerous other commercial and government organizations designing integrated solutions to protect against modern threats. Chris co-authored Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress).

Abdul Aslam has over 20 years of experience in devising risk acceptance and compliance frameworks, application security, security operations, and information protection. He is Director of Cyber Security Compliance and Risk Management for Leidos where he is in charge of delivering secure, scalable, security solutions, policy governance, and strategic technology support. He has worked on numerous IT projects with a proven record of pioneering innovative systems analysis processes and secure application designs that improve availability, integrity, confidentiality, reliability, effectiveness, and efficiency of technology services. Abdul co-authored Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats (Apress) and has presented on cybersecurity at International Information Systems Security Certification Consortium (ISC)2 and the Information Systems Security Association (ISSA).

Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book’s ideas and put them to work. The guide can be used for self-study or in the classroom.

Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum—what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit—gets in the way of what needs to be done. Cyberattacks in the headlines affecting millions of people show that this conundrum fails more often than we would prefer.

Cybersecurity professionals want to implement more than what control frameworks specify, and more than what the budget allows. Ironically, another challenge is that even when defenders get everything that they want, clever attackers are extremely effective at finding and exploiting the gaps in those defenses, regardless of their comprehensiveness. Therefore, the cybersecurity challenge is to spend the available budget on the right protections, so that real-world attacks can be thwarted without breaking the bank.

People involved in or interested in successful enterprise cybersecurity can use this study guide to gain insight into a comprehensive framework for coordinating an entire enterprise cyberdefense program.

• Know the methodology of targeted attacks and why they succeed
• Master the cybersecurity risk management process
• Understand why cybersecurity capabilities are the foundation of effective cyberdefenses
• Organize a cybersecurity program's policy, people, budget, technology, and assessment
• Assess and score a cybersecurity program
• Report cybersecurity program status against compliance and regulatory frameworks
• Use the operational processes and supporting information systems of a successful cybersecurity program
• Create a data-driven and objectively managed cybersecurity program
• Discover how cybersecurity is evolving and will continue to evolve over the next decade