pete2-testing + plus

Welcome to Cybersecurity Management II - Tactical

• Learning Resources
• Topics and Pacing

Security Assessment and Testing

Vulnerabilities

• Who Is Who in Vulnerabilities Tracking
• Zero‐Day Exploits
• Vulnerabilities Mapping
• Vulnerability Testing
• Prioritizing Vulnerability Remediation

Cybersecurity Systems: Acquisition, Development, and Maintenance

• Build, Buy, or Update: Incorporating Cybersecurity Requirements and Establishing Sound Practices
• Specific Considerations
• Conclusion
• About the Authors: Deloitte Advisory Cyber Risk Services
• About the Authors: Michael Wyatt

Performing a Security Risk Assessment

Technical Guide to Information Security Testing and Assessment

CISSP Study Guide: Security Assessment and Testing

Managing Security Operations

Cybersecurity for Operations and Communications

• Do You Know What You Do Not Know?
• Threat Landscape—What Do You Know About Your Organization Risk and Who Is Targeting You?
• Data and Its Integrity—Does Your Risk Analysis Produce Insight?
• Digital Revolution—What Threats Will Emerge as Organizations Continue to Digitize?
• Changes—How Will Your Organization or Operational Changes Affect Risk?
• People—How Do You Know Whether an Insider or Outsider Presents a Risk?
• What’s Hindering Your Cybersecurity Operations?
• Challenges from Within
• What to Do Now
• Conclusion
• About the Authors: EY
• About the Authors: Chad Holmes
• About the Authors: James Phillippe

Threats

• Types of Threats
• Threat Rankings
• Threat Intelligence
• Threat Modeling

People

• What's in It for Me?
• Attitude Adjustment!
• The Right Message, Delivered the Right Way
• Cybersecurity‐Awareness Training

Internal Organization Context

• The Internal Organization Context for Cybersecurity
• Tailoring Cybersecurity to Enterprise Exposures
• Conclusion
• About the Authors: Domenic Antonucci
• About the Authors: Bassam Alwarith

Assurance and Cyber Risk Management

• What the Internal Auditor Expects from an Organization Managing Its Cyber Risks Effectively
• How to Deal with Two Differing Assurance Maturity Scenarios
• Combined Assurance Reporting by ERM Head
• Conclusion
• About Stig Sunde, CISA, CIA, CGAP, CRISC, IRM Cert.

Six Strategies for Defense in Depth

CISSP Study Guide: Managing Security Operations

Preventing and Responding to Incidents

Incident-Response Planning

• Incident‐Response Planning: Not Just a Good Idea—It's the Law!
• Incident‐Response Plan Phases
• Preparing Your Incident‐Response Plan
• Identifying Incidents
• Containing Incidents
• Treating Incidents
• Incident Recovery
• Post‐Incident Review
• Do It All Over Again!

Cybersecurity Incident and Crisis Management

• Cybersecurity Incident Management
• Cybersecurity Crisis Management
• Conclusion
• About CLUSIF
• About Gérôme Billois, CISA, CISSP and ISO27001 Certified
• About Wavestone

Advanced Persistent Threat (APT) Explained

Culture and Human Factors

• Organizations as Social Systems
• Human Factors and Cybersecurity
• Training
• Frameworks and Standards
• Technology Trends and Human Factors
• Conclusion
• About the Authors: ISACA
• About the Authors: Avinash Totade
• About the Authors: Sandeep Godbole

CIS Controls

Guidelines for Securing Wireless Local Area Networks (WLANs)

CISSP Study Guide: Preventing and Responding to Incidents

Business Continuity

Assets

• Asset Classification
• Asset Metadata
• Business‐Impact Analysis
• One Spreadsheet to Rule Them All

Monitoring and Review Using Key Risk Indicators

• Definitions
• KRI Design for Cyber Risk Management
• Conclusion
• About Wability
• About Ann Rodriguez

People Risk Management in the Digital Age

• Rise of the Machines
• Enterprise-Wide Risk Management
• Tomorrow’s Talent
• Crisis Management
• Risk Culture
• Conclusion
• About Airmic
• About Julia Graham

CISSP Study Guide: Business Continuity

Investigations and Ethics

CISSP Study Guide: Investigations and Ethics

Critical Security Controls

External Context and Supply Chain

• External Context
• Building Cybersecurity Management Capabilities from an External Perspective
• Measuring Cybersecurity Management Capabilities from an External Perspective
• Conclusion
• About The SCRLC
• About Nick Wildgoose, BA (Hons), FCA, FCIPS

Physical Security Chain

• Tom Commits to a Plan
• Get a Clear View on the Physical Security Risk Landscape and the Impact on Cybersecurity
• Manage or Review the Cybersecurity Organization
• Design or Review Integrated Security Measures
• Reworking the Data Center Scenario
• Calculate or Review Exposure to Adversary Attacks
• Optimize Return on Security Investment
• Conclusion
• About Radar Risk Group
• About Inge Vandijck
• About Paul van Lerberghe

CISSP Study Guide: Critical Security Controls

Supplemental: Everything You Always Wanted to Know About Tech (But Were Afraid to Ask Your Kids)

• In the Beginning…
• Key Definitions