William Stallings’ Effective Cybersecurity offers a comprehensive and unified explanation of the best practices and standards that represent proven, consensus techniques for implementing cybersecurity. Stallings draws on the immense work that has been collected in multiple key security documents, making this knowledge far more accessible than it has ever been before. Effective Cybersecurity is organized to align with the comprehensive Information Security Forum document The Standard of Good Practice for Information Security, but deepens, extends, and complements ISF’s work with extensive insights from the ISO 27002 Code of Practice for Information Security Controls, the NIST Framework for Improving Critical Infrastructure Cybersecurity, COBIT 5 for Information Security, and a wide spectrum of standards and guidelines documents from ISO, ITU-T, NIST, Internet RFCs, other official sources, and the professional, academic, and industry literature.

In a single expert source, current and aspiring cybersecurity practitioners will find comprehensive and usable practices for successfully implementing cybersecurity within any organization. Stallings covers:

• Security Planning: Developing approaches for managing and controlling the cybersecurity function; defining the requirements specific to a given IT environment; and developing policies and procedures for managing the security function
• Security Management: Implementing the controls to satisfy the defined security requirements
• Security Evaluation: Assuring that the security management function enables business continuity; monitoring, assessing, and improving the suite of cybersecurity controls.

Beyond requiring a basic understanding of cryptographic terminology and applications, this book is self-contained: all technology areas are explained without requiring other reference material. Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings, author of 13 TAA Computer Science Textbooks of the Year, offers many pedagogical features designed to help readers master the material. These include: clear learning objectives, keyword lists, and glossaries to QR codes linking to relevant standards documents and web resources.

1. Guides to Practical Cybersecurity
2. Security Governance
3. Information Risk Assessment
4. Security Management
5. People Management
6. Information Management
7. Physical Asset Management
8. System Development
9. Business Applications Management
10. System Access
11. System Management
12. Networks and Communications
13. Supply Chain Management
14. Technical Security Management
15. Threat and Incident Management
16. Local Environment Management