Information security and risk management best practices enable professionals to plan, implement, measure, and test their organization's systems and ensure that they're adequately protected against threats.
The book starts by helping you to understand the core principles of information security, why risk management is important, and how you can drive information security governance. You'll then explore methods for implementing security controls to achieve the organization's information security goals. As you make progress, you'll get to grips with design principles that can be utilized along with methods to assess and mitigate architectural vulnerabilities. The book will also help you to discover best practices for designing secure network architectures and controlling and managing third-party identity services. Finally, you will learn about designing and managing security testing processes, along with ways in which you can improve software security.
By the end of this infosec book, you'll have learned how to make your organization less vulnerable to threats and reduce the likelihood and impact of exploitation. As a result, you will be able to make an impactful change in your organization toward a higher level of information security.
I recently finished Infosec Strategies and Best Practices by Joseph MacMillan - Cybersecurity Global Black Belt, thanks to Packt who offered me a copy to review.
TL;DR: It is a great book that will help you level up your cybersecurity knowledge to understand conversations held by all manner of cybersecurity professionals, and if you are at the level to implement, give you an idea of what you should be doing.
I really enjoyed this book. It reminded me of my CISSP study material. Not that this is geared towards that exam. It just so happens that when you're talking at that level, these are the topics and the kind of information you need to know.
Joseph keeps things digestible, which I always appreciate in education geared at all levels. He wants to take someone with very little cybersecurity knowledge and have them understand some of the more complex topics in our industry. And I think he achieves it well.
It starts with an introduction of risk management and governance for a couple of chapters. Then it looks at how to protect the organization through proper design and controls. It ends with operationalizing information security. Really taking it all and putting it into practice.
The concepts covered are the sorts of things your CISOs and the like are dealing with on a daily basis. In the Air Force, I was taught to think two ahead. That means, think about things like my boss's boss. It's taking an empathetic look at knowledge. What do you need to know in order to understand what is going on at that level? Well, if you want to prepare yourself for that level of thinking, this is the book for you. It helps that there are examples and humor spread throughout the book. Like it's written by a human for other humans. Feels like Joseph is talking to you instead of throwing a lot of definitions and textbook knowledge at the reader.