This book is a complete guide to establishing a cybersecurity program and governance in your organization. In this book, students will learn how to create cybersecurity policies, standards, procedures, guidelines, and plans — and the differences among them. This book covers the Confidentiality, Integrity & Availability (CIA) security model. Students will also learn how threat actors launch attacks against their victims, compromising the confidentiality, integrity, and availability of systems and networks. This book covers the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the ISO/IEC 27000-series standards. Readers will learn how to align security with business strategy, and how to define, inventory, and classify information and systems.
This book teaches students how to systematically identify, prioritize, and manage cybersecurity risks and reduce social engineering (human) risks with role-based Security Education, Awareness, and Training (SETA). They will also learn how to implement effective physical, environmental, communications, and operational security, and how to effectively manage access control. In this book students will learn how to respond to incidents, ensure continuity of operations, and comply with laws and regulations, including the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act / Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH), the Federal Information Security Management Act (FISMA), state data security and breach notification rules, and the Payment Card Industry Data Security Standard (PCI DSS).
- The in-depth, up-to-the-minute guide to information security policy for every practitioner and advanced student
- In-depth coverage of information security policy, from definition and psychology to standard frameworks and creating a culture of compliance
- Thorough coverage of Security Education, Training & Awareness (SETA)
- Appendices include: Employee Affirmation Statement and Resources for Security Professionals
- Recommended text for the capstone course in the Pearson IT Cybersecurity Curriculum
Updated to cover the latest information in cybersecurity:
- Updated to include “cybersecurity” (which expands the universe of information security), with cross-references to ISO 27000 (current edition), ISO 27032:2012 Guidelines for Cybersecurity, and the NIST Cybersecurity Framework, or alternately without cross-references. The cross-references drive the organization of the book.
- If the book is going to be more cyber-based, a chapter on Attacks and Attackers is added and the chapter on Incident Response is expanded.
- As applicable, newer technologies should be referenced (e.g., virtualization, DLP, NAC, cloud, MDM).
- Part 3, Regulatory Compliance (Chapters 13, 14, and 15), updated to reflect current regulatory expectations and contractual obligations.
- FYIs updated to reflect current examples.
- All embedded examples reviewed to ensure they are still relevant.
- All exercises and case studies reviewed to ensure they are still relevant.
- The policies themselves will only need minor tweaking, plus any language specific to “cyber”.