book

Developing Cybersecurity Programs and Policies, 3rd Edition

by Omar Santos, Sari Greene

August 2018

Intermediate to advanced

672 pages

19h 24m

English

Pearson

Read now

Unlock full access

Related skills

Security

Associated roles

C++ developer
Cybersecurity engineer
Go developer
Java developer

Penetration tester
Python developer
SRE
Tech lead

+4 more

Information Security vs. Cybersecurity PoliciesLooking at Policy Through the AgesCybersecurity PolicyCybersecurity Policy Life CycleSummaryTest Your Skills
Policy HierarchyWriting Style and TechniquePolicy FormatSummaryTest Your Skills
Confidentiality, Integrity, and AvailabilityNIST’s Cybersecurity FrameworkSummaryTest Your Skills
Understanding Cybersecurity PoliciesCybersecurity RiskSummaryTest Your Skills
Information Assets and SystemsInformation ClassificationLabeling and Handling StandardsInformation Systems InventoryUnderstanding Data Loss Prevention TechnologiesSummaryTest Your Skills
The Employee Life CycleThe Importance of Employee AgreementsThe Importance of Security Education and TrainingSummaryTest Your Skills
Understanding the Secure Facility Layered Defense ModelProtecting EquipmentSummaryTest Your Skills
Standard Operating ProceduresOperational Change ControlMalware ProtectionData ReplicationSecure MessagingActivity Monitoring and Log AnalysisService Provider OversightThreat Intelligence and Information SharingSummaryTest Your Skills
Access Control FundamentalsInfrastructure Access ControlsUser Access ControlsSummaryTest Your Skills
System Security RequirementsSecure CodeCryptographySummaryTest Your Skills
Incident ResponseWhat Happened? Investigation and Evidence HandlingData Breach Notification RequirementsSummaryTest Your Skills
Emergency PreparednessBusiness Continuity Risk ManagementThe Business Continuity PlanPlan Testing and MaintenanceSummaryTest Your Skills
The Gramm-Leach-Bliley ActNew York’s Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500)What Is a Regulatory Examination?Personal and Corporate Identity TheftSummaryTest Your Skills
The HIPAA Security RuleThe HITECH Act and the Omnibus RuleUnderstanding the HIPAA Compliance Enforcement ProcessSummaryTest Your Skills
Protecting Cardholder DataPCI ComplianceSummaryTest Your Skills
Introducing the NIST Cybersecurity Framework ComponentsThe Framework CoreFramework Implementation Tiers (“Tiers”)NIST’s Recommended Steps to Establish or Improve a Cybersecurity ProgramNIST’s Cybersecurity Framework Reference ToolAdopting the NIST Cybersecurity Framework in Real LifeSummaryTest Your Skills

Content preview from Developing Cybersecurity Programs and Policies, 3rd Edition

Chapter 9 Access Control Management

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

Explain access control fundamentals.
Apply the concepts of default deny, need-to-know, and least privilege.
Understand secure authentication.
Protect systems from risks associated with Internet connectivity, remote access, and telework environments.
Manage and monitor user and administrator access.
Develop policies to support access control management.

What could be more essential to security than managing access to information and information systems? The primary objective of access controls is to protect information and information systems from unauthorized access (confidentiality), modification ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Developing Cybersecurity Programs and Policies in an AI-Driven World, 4th Edition

Omar Santos

Security Program and Policies: Principles and Practices, Second Edition

Sari Greene

Cybersecurity – Attack and Defense Strategies, 3rd edition - Third Edition

Yuri Diogenes, Dr. Erdal Ozkaya

Security Policies and Implementation Issues, 3rd Edition

Robert Johnson, Chuck Easttom

Publisher Resources

ISBN: 9780134858623

Chapter 9

Access Control Management