The art of war is of vital importance to the state. It is a matter of life or death. Hence, it is a subject which can on no account be neglected.—Sun TzuWhy are we calling this war? It’s because the conflict in cyberspace is a matter of national concern, and we are, most assuredly, losing the current struggle. So, what do we do? The person who best understands war is a 2,300-year-old Chinese general who saw conflict as more about process and strategy than ...

The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable t...

The book presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization. It details a capability maturity development process that will install an increasingly competent pr...

The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entit...

A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) presents a comprehensive discussion of the tasks, knowledge, skill, and ability (KSA) requirements of the NICE Cybersecurity Workforce Framework 2.0. It discusses in detail the relationship between the NICE framework and the NIST’s cybersecurity framework (CSF), showing how the NICE model specifies what the particular specialty areas of the workforce should be doin...

This book presents a standard methodology approach to cyber-resilience. Readers will learn how to design a cyber-resilient architecture for a given organization as well as how to maintain a state of cyber-resilience in its day-to-day operation. Readers will know how to establish a state of systematic cyber-resilience within this structure and how to evolve the protection to correctly address the threat environment. This revolves around the steps to perform strategic cyber-resilience planni...

This book presents a standard methodology approach to cyber-resilience. Readers will learn how to design a cyber-resilient architecture for a given organization as well as how to maintain a state of cyber-resilience in its day-to-day operation. Readers will know how to establish a state of systematic cyber-resilience within this structure and how to evolve the protection to correctly address the threat environment. This revolves around the steps to perform strategic cyber-resilience planni...

For trainers free additional material of this book is available. This can be found under the "Training Material" tab. Log in with your trainer account to access the material. In the world of international IT Service Management the previous editions of this book have acquired an excellent reputation as guidance on the topic of ITIL. Over the years this authoritative guide has earned its place on the bookshelves and in the briefcases of industry experts as they implement best practices withi...

Building a Practical Information Security Program provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided enables both executive management and IT managers not only to validate existing security programs, but also to build new business-driven security programs. In addition, the subject matter supports aspiring security engineers to forge a career path to successfully manage a security program, there...

How can software architecture be designed in agile projects in industry?How is software architecture designed in agile projects in your industry?How to design a software architecture for applications based on unified personal information?How will software architecture and tools evolve over the next several years?What importance does software architecture have for open source software projects?What is the difference between the notions software archit...

This Software Requirements Management Guide is DIFFERENT from books you're used to. If you're looking for a textbook, this is not for you. This book and its included digital components is for you who understands the importance of asking great questions. This gives you the questions to uncover the Software Requirements Management challenges you're facing and generate better solutions to solve those problems.Ask questions like: * How are outputs preserved and protect...

A Guide to the Business Analysis Body of Knowledge® (BABOK**® Guide) is the only globally recognized standard of practice for business analysis. Developed through a rigorous consensus-driven standards process, the BABOK**® Guide incorporates the collective wisdom and experience of experts in the field from around the world.Previous editions have guided hundreds of thousands of professionals in their work, and it has been adopted by hundreds of enterprises...