
Start-Up Secure



Baking Cybersecurity into Your Company from Founding to Exit
1st edition

by: Chris Castaldo

25,99 €

Publisher: Wiley
Format: EPUB
Published: 14.04.2021
ISBN/EAN: 9781119700753
Language: English
Number of pages: 224

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>Add cybersecurity to your value proposition and protect your company from cyberattacks</b></p> <p>Cybersecurity is now a requirement for every company in the world regardless of size or industry. <i>Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit</i> covers everything a founder, entrepreneur and venture capitalist should know when building a secure company in today’s world. It takes you step-by-step through the cybersecurity moves you need to make at every stage, from landing your first round of funding through to a successful exit. The book describes how to include security and privacy from the start and build a cyber resilient company. You'll learn the basic cybersecurity concepts every founder needs to know, and you'll see how baking in security drives the value proposition for your startup’s target market. This book will also show you how to scale cybersecurity within your organization, even if you aren’t an expert!</p> <p>Cybersecurity as a whole can be overwhelming for startup founders. <i>Start-Up Secure</i> breaks down the essentials so you can determine what is right for your start-up and your customers. You’ll learn techniques, tools, and strategies that will ensure data security for yourself, your customers, your funders, and your employees. 
Pick and choose the suggestions that make the most sense for your situation—based on the solid information in this book.</p> <ul> <li>Get primed on the basic cybersecurity concepts every founder needs to know</li> <li>Learn how to use cybersecurity know-how to add to your value proposition</li> <li>Ensure that your company stays secure through all its phases, and scale cybersecurity wisely as your business grows</li> <li>Make a clean and successful exit with the peace of mind that comes with knowing your company's data is fully secure</li> </ul> <p><i>Start-Up Secure</i> is the go-to source on cybersecurity for start-up entrepreneurs, leaders, and individual contributors who need to select the right frameworks and standards at every phase of the entrepreneurial journey.</p>
<p>Foreword</p> <p>Preface</p> <p>Acknowledgments</p> <p>About the Author</p> <p>Introduction</p>
<p><b>Part I Fundamentals</b></p>
<p><b>Chapter 1: Minimum Security Investment for Maximum Risk Reduction</b></p> <p>Communicating Your Cybersecurity</p> <p>Email Security</p> <p>Secure Your Credentials</p> <p>SAAS Can Be Secure</p> <p>Patching</p> <p>Antivirus is Still Necessary but Goes by a Different Name</p> <p>Mobile Devices</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 2: Cybersecurity Strategy and Roadmap Development</b></p> <p>What Type of Business is This?</p> <p>What Types of Customers Will We Sell To?</p> <p>What Types of Information Will the Business Consume?</p> <p>What Types of Information Will the Business Create?</p> <p>Where Geographically Will Business Be Conducted?</p> <p>Building the Roadmap</p> <p>Opening Statement</p> <p>Stakeholders</p> <p>Tactics</p> <p>Measurability</p> <p>Case Study</p> <p>Summary</p> <p>Action Plan</p> <p>Note</p>
<p><b>Chapter 3: Secure Your Credentials</b></p> <p>Password Managers</p> <p>Passphrase</p> <p>Multi-Factor Authentication</p> <p>Entitlements</p> <p>Key Management</p> <p>Case Study</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 4: Endpoint Protection</b></p> <p>Vendors</p> <p>Selecting an EDR</p> <p>Managed Detection and Response</p> <p>Case Study</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 5: Your Office Network</b></p> <p>Your First Office Space</p> <p>Co-Working Spaces</p> <p>Virtual Private Network</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 6: Your Product in the Cloud</b></p> <p>Secure Your Cloud Provider Accounts</p> <p>Protect Your Workloads</p> <p>Patching</p> <p>Endpoint Protection</p> <p>Secure Your Containers</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 7: Information Technology</b></p> <p>Asset Management</p> <p>Identity and Access Management</p> <p>Summary</p> <p>Action Plan</p>
<p><b>Part II Growing the Team</b></p>
<p><b>Chapter 8: Hiring, Outsourcing, or Hybrid</b></p> <p>Catalysts to Hiring</p> <p>Get the First Hire Right</p> <p>Executive versus Individual Contributor</p> <p>Recruiting</p> <p>Job Descriptions</p> <p>Interviewing</p> <p>First 90 Days is a Myth</p> <p>Summary</p> <p>Action Plan</p> <p>Note</p>
<p><b>Part III Maturation</b></p>
<p><b>Chapter 9: Compliance</b></p> <p>Master Service Agreements, Terms and Conditions, Oh My</p> <p>Patch and Vulnerability Management</p> <p>Antivirus</p> <p>Auditing</p> <p>Incident Response</p> <p>Policies and Controls</p> <p>Change Management</p> <p>Encryption</p> <p>Data Loss Prevention</p> <p>Data Processing Agreement</p> <p>Summary</p> <p>Action Plan</p> <p>Note</p>
<p><b>Chapter 10: Industry and Government Standards and Regulations</b></p> <p>Open Source</p> <p>OWASP</p> <p>Center for Internet Security 20</p> <p>United States Public</p> <p>SOC</p> <p>Retail</p> <p>PCI DSS</p> <p>SOX</p> <p>Energy, Oil, and Gas</p> <p>NERC CIP</p> <p>ISA-62443-3-3 (99.03.03)-2013</p> <p>Federal Energy Regulatory Commission</p> <p>Department of Energy Cybersecurity Framework</p> <p>Health</p> <p>HIPAA</p> <p>HITECH</p> <p>HITRUST</p> <p>Financial</p> <p>FFIEC</p> <p>FINRA</p> <p>NCUA</p> <p>Education</p> <p>FERPA</p> <p>International</p> <p>International Organization for Standardization (ISO)</p> <p>UL 2900</p> <p>GDPR</p> <p>Privacy Shield</p> <p>UK Cyber Essentials</p> <p>United States Federal and State Government</p> <p>NIST</p> <p>NISPOM</p> <p>DFARS PGI</p> <p>FedRAMP</p> <p>FISMA</p> <p>NYCRR 500</p> <p>CCPA</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 11: Communicating Your Cybersecurity Posture and Maturity to Customers</b></p> <p>Certifications and Audits</p> <p>Questionnaires</p> <p>Shared Assessments</p> <p>Cloud Security Alliance</p> <p>Vendor Security Alliance</p> <p>Sharing Data with Your Customer</p> <p>Case Study</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 12: When the Breach Happens</b></p> <p>Cyber Insurance</p> <p>Incident Response Retainers</p> <p>The Incident</p> <p>Tabletop Exercises</p> <p>Summary</p> <p>Action Plan</p> <p>Note</p>
<p><b>Chapter 13: Secure Development</b></p> <p>Frameworks</p> <p>BSIMM</p> <p>OpenSAMM</p> <p>CMMI</p> <p>Microsoft SDL</p> <p>Pre-Commit</p> <p>Integrated Development Environment</p> <p>Commit</p> <p>Build</p> <p>Penetration Testing</p> <p>Summary</p> <p>Action Plan</p> <p>Notes</p>
<p><b>Chapter 14: Third-Party Risk</b></p> <p>Terms and Conditions</p> <p>Should I Review This Vendor?</p> <p>What to Ask and Look For</p> <p>Verify DMARC Settings</p> <p>Check TLS Certificates</p> <p>Check the Security Headers of the Website</p> <p>Summary</p> <p>Action Plan</p> <p>Note</p>
<p><b>Chapter 15: Bringing It All Together</b></p> <p>Glossary</p> <p>Index</p>
<p><b>CHRIS CASTALDO</b> is the Chief Information Security Officer at Crossbeam, the world’s first and most powerful partner ecosystem platform. Crossbeam acts as a data escrow service that finds overlapping customers and prospects with your partners while keeping the rest of your data private and secure. Chris is also a Visiting Fellow at the National Security Institute at George Mason University’s Antonin Scalia Law School. He previously held cybersecurity executive roles at Dataminr, 2U, IronNet Cybersecurity, Synchronoss, and the National Security Agency. He is a U.S. Army and Operation Iraqi Freedom veteran.</p>
<p><b>PRAISE FOR<BR>START-UP SECURE</b></p><p>“A must-read for any start-up organization whether they are providing an application or developing the next great widget. Chris has taken a complex subject and made it relatively simple with step-by-step examples and references to help founders understand their threats. If you are building an organization and plan to be acquired, Chris covers the elements that will happen in a review and highlights the importance of addressing them upfront to reduce costs and make your assessment or funding round as painless as possible.”<BR><b>—HAROLD MOSS,</b> former CTO, IBM</p><p>“Cybersecurity is often one of the things that early stage companies defer—and in doing so, they put their data, their reputations, and their businesses at significant risk. Chris Castaldo offers a clear, comprehensive, and actionable approach to making information security a cornerstone of a modern company’s construction and does so with eloquence and precision. It’s the closest thing to having the ability to hire a seasoned CISO on day one and should be essential reading for every founder.”<BR><b>—KEVIN O’BRIEN,</b> CEO and Co-founder, GreatHorn</p><p>“Chris works to bring a valuable introduction to security basics for the start-up world in a practical, relatable way.”<BR><b>—ANNE MARIE ZETTLEMOYER</b>, Vice President, Security Engineering, Payments Industry; Visiting Fellow, National Security Institute</p><p>“In <i>Start-Up Secure</i> Chris Castaldo does an exceptional job of covering the core essentials founders need when building their companies. He develops the groundwork for entrepreneurs to incorporate sound IT and cybersecurity practices into their start-ups as part of their innovative culture. His book is a great read; I found myself taking notes and really enjoyed the experience. 
I feel it will provide value to everyone in the start-up community for years to come and can’t wait to see what he writes next.”<BR><b>—GARY HAYSLIP,</b> CISO, SoftBank Investment Advisers</p><p>“Start-up security has been an afterthought for far too long, getting pushed to later stages, and yet a single data breach might doom your fledgling business. Unfortunately, far too many fast growing start-ups fall into this trap and have to deal with the impossible public relations nightmare after a breach. Delay no more! In this thoughtful and approachable book, Chris Castaldo gives you an actionable roadmap to mitigate this massive, yet snubbed, risk to your business. You can easily use this book to get your security program going at any budget or team size. Pick it up, read it, and get implementing.”<BR><b>—SINAN EREN,</b> CEO and founder, Fyde</p>
<p>Additional praise for <i>Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit</i></p> <p>"It's rare to see a cybersecurity guide of any kind that is relevant, current, and most importantly, cogent and accessible. Chris Castaldo has not only produced such a guide but has tailored it for an audience who has never before received such wisdom in a digestible manner−the startup community. Startups are notoriously fast-moving, and Castaldo's book keeps up with them, showing them the types of practical security controls they need throughout their rapid journey to whatever exit strategy they envision."</p> <p>--Allan Alford, veteran CISO and co-host of the Defense in Depth podcast</p> <p>"<i>Start-Up Secure</i> offers important insights and advice in an area that is often overlooked by entrepreneurs. Cybersecurity has emerged as a critical competency for businesses, and this trend will likely continue or accelerate. The guidance provided in these pages will save founders from making preventable mistakes in multiple dimensions, from technical security decisions to avoiding unreasonable contract language. The wisdom shared by Chris is hard-learned, and a valuable addition to any entrepreneur's thought process."</p> <p>--Paul Ihme, co-founder, Soteria</p> <p>“Cybersecurity is often thought of as too intimidating or complex for the layperson to comprehend. Chris Castaldo’s book <i>Start-Up Secure</i> seeks to take the mystery out of succeeding at cybersecurity. His straightforward and direct approach serves as an essential guide to starting out on the right foot with your security program. It is accessible and actionable and I would recommend it to anyone seeking to tackle cybersecurity; the most important business challenge of our time.”</p> <p>--Brian Markham, CISO, EAB Global Inc.</p>
