Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats

This book is extremely useful as a "how-to" guide for creating or improving your corporate information security program. There are plenty of books out there covering various technical aspects of cybersecurity but very few that describe the best overall approach to using your people, processes and technologies to defend your IT assets. "Enterprise Cybersecurity" does that job well - both as a step by step guide and as a very well organized general reference. If you're engaged in managing cybersecurity programs and you're in need of a "playbook" to get the job done - this is your book. If your CIO or Board doesn't already "get it" when it comes to cyber security - give them this book. If you're looking for help selecting the right security technologies, controls framework, policy framework, performance metrics, project priorities, crisis plan or action plans - get this book. If you're about to engage a cybersecurity consultant - read this book first, you'll get better bang for your buck. I especially appreciated the authors practical approach to problems. They share real world experience and tips on how to solve the difficult 'real world' decisions that cybersecurity managers actually face. For example, in Chapter 10 "Managing a Cybersecurity Crisis" the authors go beyond the well worn principles of managing an incident and what to do when the incident threatens the entire enterprise. The book covers crisis mode communications, applying the OODA (Observe Orient Decide Act) loop, how to take care of your people and establish proper operational tempo and the differences between restoring security and restoring IT operations. I've only had this book a week and it's already becoming a bit dog-eared from use - I strongly recommend adding it to your library.

As a consultant (and for sales), this book is invaluable. It explains concepts in simple terms with excellent graphics. It subsequently dives into how to build and maintain the best cybersecurity defense based on real-life scenarios where there are resource contingencies (human, capital, other). The appendices provide in-depth details and references (NIST, ISO, others) and describes the items to be considered when writing a policy, operationalizing a cybersecurity program, assessment considerations and related formulas and graphics. These could be very helpful even for anyone who already has a program in place and wants to evaluate it. Cybersecurity is a dynamic and evolving environment and one can find in this book how to maintain an established program. As posted by another reviewer, you will find very quickly the need to bookmark often and you will want to always have the book handy. I got the kindle version which permits easy bookmarking and of course search capabilities. The book is an invaluable source of information for anyone who needs to convey the concept and propose an approach to achieve best-possible results.

This is a must have for anyone who wants to understand how cybersecurity programs are built. Scott and team take readers from framework adoption and policy creation to adoption of technical capabilities. Enterprise Cybersecurity is the ultimate desk reference.

Bruce Schneier summed it up best years ago, "Cybersecurity is a process and not a product." Enterprise Cybersecurity is an in depth description of ALL the processes an IT Administrator, CISO and CTO need to understand. Donaldson, Siegel, Williams and Aslam have done an excellent job of outlining cybersecurity is an easy to follow and understand step-by-step process. It looks at cybersecurity from every angle: Client to Server, Policies to Implementations, Stand-alone to Cloud, and so much more. Plus, all the diagrams make it easy so to follow. What also makes this book unique is that it is written so CEOs, CFOs and non-techies now have the ability to ask their IT people the right questions and understand their answers so appropriate budgets can be allocated. It doesn't matter if your are new to enterprise security or a seasoned pro, Enterprise Cybersecurity has to be in your library. If your business is concerned about a cyber attack and the devastation it can cause your business, you have the tools to implement the best defense. Buy this book.

Great book on cybersecurity. Covers everything from A-Z. Whether your are building a new security framework for your company, or reengineering an existing one, this book systematically lays out all of the steps from beginning to end. Detailed appendices are really useful for those engineers and managers who require a deeper dive on components of the security program. Hats off to these experienced engineer-architects who took the time to write a meaningful book on preventing advanced persistent threats, malware, zero day attacks, etc. Camp out at your favorite Starbucks and take your time with this book.

Book to small to read

One of the most clearly written books I have ever read. In addition, the content is right on point. It covers the subject matter throughly and I find it quite educational. Highly recommend this book for new, or seasoned, cybersecurity professionals. Your will not regret it.

Very interesting book, very up to date !

Good

A good 1st book to read if you want to know about Cybersecurity

Great reference for cybersecurity operations and audits.Great resource for consultants, SOC analysts, auditors, cyber security managers, and CISOs. Very detailed and in-depth coverage of topics, areas and processes of cyber security. Highly recommended for both experience and novice cybersecurity professionals.

A must have to anyone dealing with security on the enterprise. Clear and concise, dealing with all the aspects of cyber security, form policies and compliance to governance and incident best practices.