Developing Cybersecurity Programs and Policies is a complete guide to establishing a cyber security program and governance in your organization. In this book, you will learn how to create cyber security policies, standards, procedures, guidelines, and plans-and the differences among them. You will also learn how threat actors are launching attacks against their victims-compromising confidentiality, integrity, and availability of systems and networks.

Santos starts by providing an overview of cybersecurity policy and governance, and how to create cybersecurity policies and develop a cybersecurity framework. He then provides details about governance, risk management, asset management, and data loss prevention.   

• Respond to incidents and ensure continuity of operations
• Comply with laws and regulations, including GLBA, HIPAA/HITECH, FISMA, state data security and notification rules, and PCI DSS
• Systematically identify, prioritize, and manage cyber security risks and reduce social engineering (human) risks with role-based Security Education, Awareness, and Training (SETA)
• Incorporate human resources, physical, and environmental security as important elements of your cybersecurity program.
• Implement appropriate security controls in the cloud, often using automation
• Understand Identity and Access Management (IAM)

This book includes:

• Practical, hands-on exercises related to several key topics to defend various cloud workloads operating in the different CSP models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS)
• Covers NIST Cyber Security Framework and ISO/IEC 27000-series standards

Chapter 1. Understanding Cyber Security Policy and Governance