Security from Zero
CHAPTER 1  Workload Management: Issue tracking
    SECTION 1.1  Keep a List
    SECTION 1.2  File a Ticket
    SECTION 1.3  Managing tickets
    SECTION 1.4  Ranking Issues
    SECTION 1.5  Removing Obstacles
    SECTION 1.6  Master list
    SECTION 1.7  For your eyes only
CHAPTER 2  Threat Modeling Exercises
    SECTION 2.1  Lightweight vs Heavyweight
    SECTION 2.2  A Lightweight Approach
    SECTION 2.3  Frequency
    SECTION 2.4  Other Threat Modeling Methodologies and Techniques
CHAPTER 3  Introduction
    SECTION 3.1  What is Security?
    SECTION 3.2  Future-proof Security
CHAPTER 4  Planning Your Security Budget
    SECTION 4.1  First Year
    SECTION 4.2  Example Budget Exercise
    SECTION 4.3  Anticipating Growth
CHAPTER 5  Tracking Vulnerabilities
    SECTION 5.1  CVE: Common Vulnerabilities and Exposures
    SECTION 5.2  Part of Your Workflow
    SECTION 5.3  Automate the Boring Stuff
CHAPTER 6  Goals of this Book
    SECTION 6.1  Have No Fear, Everything Can Be Fixed
CHAPTER 7  Effective Bug Bounty Programs
    SECTION 7.1  What is a Bug Bounty Program?
    SECTION 7.2  The Most Common Mistake
    SECTION 7.3  What are the benefits of a Bug Bounty Program?
    SECTION 7.4  What makes a Bug Bounty Program successful?
    SECTION 7.5  Competitor Comparison
    SECTION 7.6  Comparison of Bug Bounty Service Providers
    SECTION 7.7  Financial Analysis
    SECTION 7.8  Program Scope
    SECTION 7.9  Workflow Best Practices
    SECTION 7.10  Additional Advice
CHAPTER 8  Kickstarting Your Security Program
    SECTION 8.1  When to Start Thinking About Security
    SECTION 8.2  Understanding and Identifying Risk
    SECTION 8.3  The stage of your company
    SECTION 8.4  Your Industry
    SECTION 8.5  Your Competition
    SECTION 8.6  Resources Available
    SECTION 8.7  Getting Buy-In and Support from Leadership
CHAPTER 9  The Importance of Security Culture
    SECTION 9.1  Practices of a Healthy Security Culture
    SECTION 9.2  Fostering a Culture of Security
    SECTION 9.3  Simple Steps You Can Take Today
CHAPTER 10  Responding to Incidents
    SECTION 10.1  Elementary Schools Have Better Incident Response Than Your Company
    SECTION 10.2  What is Incident Response?
    SECTION 10.3  Goals
    SECTION 10.4  Non-Goals
    SECTION 10.5  Improvement Through Reflection with Post-Mortems
    SECTION 10.6  Practice, Practice, Practice
    SECTION 10.7  Continuously Adapt and Improve
    SECTION 10.8  Helpful Tips
CHAPTER 11  Prioritizing the Work: Effort vs Impact
    SECTION 11.1  Level of Effort vs Level of Impact
    SECTION 11.2  Borrowing The Fibonacci Scale from Agile
    SECTION 11.3  Urgency and Importance: The Eisenhower Matrix
    SECTION 11.4  Turning off Easy Mode
CHAPTER 12  Least Privilege & Access Controls
    SECTION 12.1  Practicing the Principle of Least Privilege
    SECTION 12.2  Onboarding & Offboarding
    SECTION 12.3  Trust but Verify with Regular Reviews
    SECTION 12.4  Keep it Simple with Identity Management Software
    SECTION 12.5  Limiting Access with a VPN
    SECTION 12.6  Layered Security with Multi-Factor Authentication
CHAPTER 13  Conclusion
CHAPTER 14  Leveraging Security Frameworks & Questionnaires
CHAPTER 15  Changelog
    SECTION 15.1  Revision 7 (2020-04-17)
    SECTION 15.2  Revision 6 (2020-04-14)
    SECTION 15.3  Revision 5 (2020-04-10)
CHAPTER 16  Your Data-Driven Security Program
    SECTION 16.1  Choosing and Collecting the Right Data
    SECTION 16.2  Metrics Aren't Goals
    SECTION 16.3  Making Data-Driven Decisions
    SECTION 16.4  Making Your Data Presentable
CHAPTER 17  Your First Security Hire
    SECTION 17.1  The Skillset You're Looking For
    SECTION 17.2  Relevant Experience
    SECTION 17.3  Setting Them Up For Success
CHAPTER 18  Monitoring & Alerting
    SECTION 18.1  Smoke Alarms Detect Smoke, Not Fire
    SECTION 18.2  Logging: Your Software's Paper Trail
    SECTION 18.3  Monitoring for Events and Anomalies
    SECTION 18.4  Event-Based Alerting
    SECTION 18.5  Modern Infrastructure: Centralized Monitoring for Decentralized Systems
    SECTION 18.6  Admin Interfaces & Audit Logs
CHAPTER 19  Appendix
    SECTION 19.1  Responding to Incidents
    SECTION 19.2  Threat Modeling Exercises
    SECTION 19.3  Effective Bug Bounty Programs
    SECTION 19.4  Least Privilege & Access Control
    SECTION 19.5  Monitoring & Alerting
CHAPTER 20  Regulation and Compliance
    SECTION 20.1  Lessons from Security Frameworks
    SECTION 20.2  Keeping Up With New Rules
    SECTION 20.3  The Business Case
    SECTION 20.4  Ensuring On-Going Compliance
CHAPTER 21  Acknowledgements
Planning Your Security Budget