Cover
Title Page: Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit, by Chris Castaldo
Copyright
Dedication
Foreword
Preface
  Why Write This Book?
  Notes
Acknowledgments
About the Author
Introduction
  About This Book
  How to Use This Book
PART ONE: Fundamentals
  CHAPTER ONE: Minimum Security Investment for Maximum Risk Reduction
    Communicating Your Cybersecurity
    Email Security
    Secure Your Credentials
    SaaS Can Be Secure
    Patching
    Antivirus Is Still Necessary but Goes by a Different Name
    Mobile Devices
    Summary
    Action Plan
    Notes
  CHAPTER TWO: Cybersecurity Strategy and Roadmap Development
    What Type of Business Is This?
    What Types of Customers Will We Sell To?
    What Types of Information Will the Business Consume?
    What Types of Information Will the Business Create?
    Where Geographically Will Business Be Conducted?
    Building the Roadmap
    Case Study
    Summary
    Action Plan
    Note
  CHAPTER THREE: Secure Your Credentials
    Password Managers
    Passphrase
    Multi-Factor Authentication
    Entitlements
    Key Management
    Case Study
    Summary
    Action Plan
    Notes
  CHAPTER FOUR: Endpoint Protection
    Vendors
    Selecting an EDR
    Managed Detection and Response
    Case Study
    Summary
    Action Plan
    Notes
  CHAPTER FIVE: Your Office Network
    Your First Office Space
    Co-Working Spaces
    Virtual Private Network
    Summary
    Action Plan
    Notes
  CHAPTER SIX: Your Product in the Cloud
    Secure Your Cloud Provider Accounts
    Protect Your Workloads
    Secure Your Containers
    Summary
    Action Plan
    Notes
  CHAPTER SEVEN: Information Technology
    Asset Management
    Identity and Access Management
    Summary
    Action Plan
PART TWO: Growing the Team
  CHAPTER EIGHT: Hiring, Outsourcing, or Hybrid
    Catalysts to Hiring
    Get the First Hire Right
    Executive Versus Individual Contributor
    Recruiting
    Job Descriptions
    Interviewing
    First 90 Days Is a Myth
    Summary
    Action Plan
    Note
PART THREE: Maturation
  CHAPTER NINE: Compliance
    Master Service Agreements, Terms and Conditions, Oh My
    Patch and Vulnerability Management
    Antivirus
    Auditing
    Incident Response
    Policies and Controls
    Change Management
    Encryption
    Data Loss Prevention
    Data Processing Agreement
    Summary
    Action Plan
    Note
  CHAPTER TEN: Industry and Government Standards and Regulations
    Open Source
    United States Public
    Retail
    Energy, Oil, and Gas
    Health
    Financial
    Education
    International
    United States Federal and State Government
    Summary
    Action Plan
    Notes
  CHAPTER ELEVEN: Communicating Your Cybersecurity Posture and Maturity to Customers
    Certifications and Audits
    Questionnaires
    Sharing Data with Your Customer
    Case Study
    Summary
    Action Plan
    Notes
  CHAPTER TWELVE: When the Breach Happens
    Cyber Insurance
    Incident Response Retainers
    The Incident
    Tabletop Exercises
    Summary
    Action Plan
    Note
  CHAPTER THIRTEEN: Secure Development
    Frameworks
    Microsoft SDL
    Pre-Commit
    Integrated Development Environment
    Commit
    Build
    Penetration Testing
    Summary
    Action Plan
    Notes
  CHAPTER FOURTEEN: Third-Party Risk
    Terms and Conditions
    Should I Review This Vendor?
    What to Ask and Look For
    Summary
    Action Plan
    Note
  CHAPTER FIFTEEN: Bringing It All Together
Glossary
Index
End User License Agreement
Introduction
  FIGURE I.1 Startup Development Phases – From Idea to Business and Talent to Organization
Chapter 1
  FIGURE 1.1 Yubikey Product Line
  FIGURE 1.2 Google Titan Security Keys
Chapter 3
  FIGURE 3.1 Example of a Push-Based MFA
Chapter 4
  FIGURE 4.1 Diagram Showing the Progression of Endpoint Security
  FIGURE 4.2 Magic Quadrant for Endpoint Protection Platforms
  FIGURE 4.3 Gartner Scope of MDR Services
Chapter 5
  FIGURE 5.1 Magic Quadrant for the Wired and Wireless LAN Access Infrastructu...
  FIGURE 5.2 Comparison of SDP, VPN, and Zero-Trust Networks
Chapter 6
  FIGURE 6.1 Magic Quadrant for Cloud Infrastructure as a Service
  FIGURE 6.2 Cloud Security Posture Management (CSPM)
  FIGURE 6.3 Comparison of Popular Fleet Management Solutions
  FIGURE 6.4 Depiction of Container Orchestration
Chapter 7
  FIGURE 7.1 Depiction of the Differences between MDM, EMM, and UEM
  FIGURE 7.2 Typical Identity Management Life Cycle
Chapter 8
  FIGURE 8.1 Heat Map of Chief Security Officer Hiring Across the United State...
Chapter 10
  FIGURE 10.1 Depiction of OWASP Top 10 2017
  FIGURE 10.2 CIS Controls and Levels
  FIGURE 10.3 SOC Report Types Comparison
  FIGURE 10.4 NIST Cybersecurity Framework Pillars
  FIGURE 10.5 Joint Authorization Board (JAB) Workflow
  FIGURE 10.6 Agency Authorization (Source: www.fedramp.gov)
Chapter 11
  FIGURE 11.1 Popular Certification Control Coverage Robustness
  FIGURE 11.2 Shared Assessments Third-Party Risk Management Toolkit Workflow...
  FIGURE 11.3 CSA STAR Levels
Chapter 13
  FIGURE 13.1 The Four Pillars of BSIMM and High-Level Components
  FIGURE 13.2 OpenSAMM Framework Pillar and Practices
  FIGURE 13.3 CMMI Maturity Levels
  FIGURE 13.4 Microsoft SDL Workflow
Additional praise for Start-Up Secure
“It's rare to see a cybersecurity guide of any kind that is relevant, current, and, most importantly, cogent and accessible. Chris Castaldo has not only produced such a guide but has tailored it for an audience who has never before received such wisdom in a digestible manner – the startup community. Startups are notoriously fast-moving, and Castaldo's book keeps up with them, showing them the types of practical security controls they need throughout their rapid journey to whatever exit strategy they envision.”