EFFECTIVE CYBERSECURITY: A Guide to Using Best Practices and Standards
This book gives security managers and implementers a comprehensive understanding of the technology, operational procedures, and management practices needed for successful cybersecurity. The book makes extensive use of standards and best practices documents that are used to guide or mandate cybersecurity implementation. Going beyond these, it offers in-depth tutorials on the “how” of implementation, integrated into a unified framework and realistic plan of action. Here is the Table of Contents. The Pearson Site for this book includes PPT slides and answers to review questions for instructors.
Useful Links
Computer Science Student Resource Site: Help and advice for students and professionals.
Errata sheet: Latest list of errors, updated at most monthly. File name is Errata-Cybersecurity-mmyy. If you spot any errors, please contact me at .
Chapter 1 - Best Practices and Standards
NIST Cybersecurity Site: A range of resources related to NIST programs and documents on cybersecurity.
NIST Computer Security Resource Center: This is an essential resource. Provides access to CSRC projects, news, huge publications library, and an extensive glossary.
Information Security Forum: Many resources, including the Standard of Good Practice. Many of these require that you be a member but there are some useful free resources.
PCI Security Standards Council: Provides free access to PCI-DSS, other standards, and supporting documents.
ITU-T Recommendations: The complete collection of Recommendations, most of which are free.
Center for Internet Security: Provides a collection of controls, best practices, and threat reports.
ISACA: Good collection of documents and other resources.
ENISA: Home page for the EU Agency for Network and Information Security. Excellent collection of documents.
Communications Security Establishment: Home page for the Government of Canada's national cryptologic agency. A number of useful documents.
Chapter 3 - Information Risk Assessment
CAPEC: Common Attack Pattern Enumeration and Classification. Maintained by MITRE, CAPEC™ is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
NIST National Vulnerability Database (NVD): Repository of standards-based vulnerability management data. This enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Security Focus: A wide variety of security information, with an emphasis on vendor products and end-user concerns. Maintains Bugtraq, a mailing list for the detailed discussion and announcement of computer security vulnerabilities.
SANS Institute: Similar to Security Focus. Extensive collection of white papers. Maintains Internet Storm Center, which provides a warning service to Internet users and organizations concerning security threats.
Packet Storm: Resource of up-to-date and historical security tools, exploits, and advisories.
Open Group Security Standards: Security documents including those related to FAIR.
Chapter 4 - People Management
NIST Awareness, Training, and Education (ATE): Contains a number of links to government, industry, and academic sites that offer or sell both awareness and training material.
Chapter 6 - Information Management
EU GDPR: Documents and links related to the General Data Protection Regulation.
Chapter 7 - Physical Asset Management
Industrial Control Systems Cyber Emergency Response Team: Web site maintained by the U.S. Department of Homeland Security. The site contains a wide range of advisories, fact sheets, and white papers, and is frequently updated.
Chapter 9 - Business Application Management
Open Web Application Security Project: An open software security community with a range of resources.
Chapter 12 - Networks and Communications
Firewall.com: Numerous links to firewall references and software resources.
Chapter 13 - Supply Chain Management
Cyber Supply Chain Risk Management: NIST project site. A number of documents on the subject.
Cloud Standards Customer Council: NIST project site. A number of documents on the subject.
Cloud Security Alliance: Organization promoting best practices for cloud security implementation. Site contains useful documents and links.
NIST Cloud Computing Program: Useful information, links, and documents.
Chapter 14 - Technical Security Management
SABSA: Useful white papers on Enterprise Security Architecture and related topics.
Vmyths: Dedicated to exposing virus hoaxes and dispelling misconceptions about real viruses.
SecureList: Site maintained by commercial antivirus software provider. Good collection of useful information on viruses, hackers, and spam.
DDoS Attacks/Tools: Extensive list of links and documents.
Network Abuse Clearinghouse: Web sites, software, books, and other resources for dealing with spam and other network abuse.
NIST Cryptographic Module Validation Program: Validates vendor offerings using independent accredited laboratories.
Chapter 15 - Threat and Incident Management
CERT Coordination Center: The organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency. Site provides good information on Internet security threats, vulnerabilities, and attack statistics.
United States Computer Emergency Readiness Team: US-CERT is a partnership between the Department of Homeland Security and the public and private sectors, intended to coordinate the response to security threats from the Internet. The site has a good collection of technical papers, and information and alerts on current security issues, vulnerabilities and exploits.
National Council of ISACs: Central site for 20 information sharing and analysis centers. ISACs provide a central resource for gathering information on cyber threats to critical infrastructure and providing two-way sharing of information between the private and public sector.
Chapter 16 - Local Environment Management
United Nations Office for Disaster Risk Reduction: Wide range of resources for planning for and dealing with national disasters.
Natural Disaster Risk Management Series: A useful collection of publications on natural disaster risk management.