| Description |
1 online resource |
|
text file |
|
PDF |
| Contents |
Intro; Table of Contents; About the Authors; About the Technical Reviewer; Acknowledgments; Preface; Introduction; Chapter 1: The Attack Chain; Chapter 2: The Vulnerability Landscape; Vulnerabilities; Configurations; Exploits; False Positives; False Negatives; Malware; Social Engineering; Phishing; Curiosity Killed the Cat; Nothing Bad Will Happen; Did You Know They Removed Gullible from the Dictionary?; It Can't Happen to Me; How to Determine if Your Email Is a Phishing Attack; Ransomware; Insider Threats; External Threats; Vulnerability Disclosure; Chapter 3: Threat Intelligence. |
|
Chapter 4: Credential Asset RisksChapter 5: Vulnerability Assessment; Active Vulnerability Scanning; Passive Scanners; Intrusive Vulnerability Scanning; Nonintrusive Scanning; Vulnerability Scanning Limitations and Shortcomings; Chapter 6: Configuration Assessment; Regulations; Frameworks; Benchmarks; Configuration Assessment Tools; SCAP; Chapter 7: Risk Measurement; CVE; CVSS; STIG; OVAL; IAVA; Chapter 8: Vulnerability States; Vulnerability Risk Based on State; The Three Vulnerability States; Active Vulnerabilities; Dormant Vulnerabilities; Carrier Vulnerabilities; State Prioritization. |
|
Chapter 9: Vulnerability AuthoritiesChapter 10: Penetration Testing; Chapter 11: Remediation; Microsoft; Apple; Cisco; Google; Oracle; Red Hat; Adobe; Open Source; Everyone Else; Chapter 12: The Vulnerability Management Program; Design; Develop; Deploy; Operate; Maturity; Maturity Categories; Descriptions; Chapter 13: Vulnerability Management Design; Crawl, Walk, Run, Sprint; Implement for Today, But Plan for Tomorrow; It's All About Business Value; Chapter 14: Vulnerability Management Development; Vulnerability Management Scope; Operating Systems; Client Applications; Web Applications. |
|
Network DevicesDatabases; Flat File Databases; Hypervisors; IaaS and PaaS; Mobile Devices; IoT; Industrial Control Systems (ICS) and SCADA; DevOps; Docker and Containers; Code Review; Tool Selection; The Vulnerability Management Process; Assessment; Measure; Remediation; Rinse and Repeat {Cycle}; End of Life; Common Vulnerability Lifecycle Mistakes; Mistake 1: Disjointed Vulnerability Management; Solution; Mistake 2: Relying on Remote Assessment Alone; Solution; Mistake 3: Unprotected Zero-Day Vulnerabilities; Solution; Mistake 4: Decentralized Visibility; Solution. |
|
Mistake 5: Compliance at the Expense of SecuritySolution; Common Challenges; Aging Infrastructure; Depth and Breadth of the Program; Building the Plan; Step 1: What to Assess?; Step 2: Assessment Configuration; Step 3: Assessment Frequency; Step 4: Establish Ownership; Step 5: Data and Risk Prioritization; Step 6: Reporting; Step 7: Remediation Management; Step 8: Verification and Measurements; Step 9: Third-Party Integration; Chapter 15: Vulnerability Management Deployment; Approach 1: Critical and High-Risk Vulnerabilities Only; Approach 2: Statistical Sampling. |
| Summary |
Build an effective vulnerability management strategy to protect your organization's assets, applications, and data. Today's network environments are dynamic, requiring multiple defenses to mitigate vulnerabilities and stop data breaches. In the modern enterprise, everything connected to the network is a target. Attack surfaces are rapidly expanding to include not only traditional servers and desktops, but also routers, printers, cameras, and other IOT devices. It doesn't matter whether an organization uses LAN, WAN, wireless, or even a modern PAN--savvy criminals have more potential entry points than ever before. To stay ahead of these threats, IT and security leaders must be aware of exposures and understand their potential impact. Asset Attack Vectors will help you build a vulnerability management program designed to work in the modern threat environment. Drawing on years of combined experience, the authors detail the latest techniques for threat analysis, risk measurement, and regulatory reporting. They also outline practical service level agreements (SLAs) for vulnerability management and patch management. Vulnerability management needs to be more than a compliance check box; it should be the foundation of your organization's cybersecurity strategy. Read Asset Attack Vectors to get ahead of threats and protect your organization with an effective asset protection strategy. What You'll Learn: Create comprehensive assessment and risk identification policies and procedures Implement a complete vulnerability management workflow in nine easy steps Understand the implications of active, dormant, and carrier vulnerability states Develop, deploy, and maintain custom and commercial vulnerability management programs Discover the best strategies for vulnerability remediation, mitigation, and removal Automate credentialed scans that leverage least-privilege access principles Read real-world case studies that share successful strategies and reveal potential pitfalls. |
| Subject |
Computer security.
|
|
Computer Security |
|
Sécurité informatique. |
|
Computer security |
| Added Author |
Hibbert, Brad.
|
| Other Form: |
Printed edition: 9781484236260 |
| ISBN |
9781484236277 (electronic bk.) |
|
1484236270 (electronic bk.) |
|
1484236262 |
|
9781484236260 |
| Standard No. |
9781484236260 |
|
10.1007/978-1-4842-3627-7 doi |
|
More Resources