This Book by LIMSbook.com is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Title:Comprehensive Guide to Developing and Implementing a Cybersecurity Plan: Second Edition

Editor:Shawn Douglas

Publisher:LabLynx Press

Download FREE eBook Edition

 

Table of Contents

• Chapter: About this book
  • Introduction
• Chapter: 1. What is a cybersecurity plan and why do you need it?
  • 1.1 Cybersecurity planning and its value
• Chapter: 2. What are the major regulations and standards dictating cybersecurity action?
  • 2.1 Cybersecurity standards frameworks
• Chapter: 3. Fitting a cybersecurity standards framework into a cybersecurity plan
  • 3.1 How do cybersecurity controls and frameworks guide plan development?
• Chapter: 4. NIST Special Publication 800-53, Revision 5 and the NIST Cybersecurity Framework
  • 4.1 NIST Cybersecurity Framework
• Chapter: 5. Develop and create the cybersecurity plan
  • 5.1 Develop strategic cybersecurity goals and define success
  • 5.2 Define scope and responsibilities
  • 5.3 Identify cybersecurity requirements and objectives
  • 5.4 Establish performance indicators and associated time frames
  • 5.5 Identify key stakeholders
  • 5.6 Determine resource needs
  • 5.7 Develop a communications plan
  • 5.8 Develop a response and continuity plan
  • 5.9 Establish how the overall cybersecurity plan will be implemented
  • 5.10 Review progress
• Chapter: 6. Closing remarks
  • 6.1 Recap and closing
• Chapter: Appendix 1. A simplified description of NIST Special Publication 800-53 controls, with ties to LIMSpec
  • Appendix 1.1 Access control
  • Appendix 1.2 Awareness and training
  • Appendix 1.3 Audit and accountability
  • Appendix 1.4 Assessment, authorization, and monitoring
  • Appendix 1.5 Configuration management
  • Appendix 1.6 Contingency planning
  • Appendix 1.7 Identification and authentication
  • Appendix 1.8 Incident response
  • Appendix 1.9 Maintenance
  • Appendix 1.10 Media protection
  • Appendix 1.11 Physical and environmental protection
  • Appendix 1.12 Planning
  • Appendix 1.13 Program management
  • Appendix 1.14 Personnel security
  • Appendix 1.15 Personally identifiable information processing and transparency
  • Appendix 1.16 Risk assessment
  • Appendix 1.17 System and services acquisition
  • Appendix 1.18 System and communications protection
  • Appendix 1.19 System and information integrity
  • Appendix 1.20 Supply chain risk management