Cyber Security

David Sutton's career in IT spans nearly 50 years and includes voice and data networking, information security and critical information infrastructure protection. He has delivered lectures on information risk management and business continuity at Royal Holloway University of London from where he holds an MSc in Information Security. He is also the author of Information Risk Management and a co-author of Information Security Management Principles (2nd edition).

PrefaceWho should read this book?
What exactly do we mean by cyber?
Terminology and definitions
Overview of this book




1.Introduction
 Background
The expectations of users and organisations
 Cyber Security in the wider context



 2.The Big Issues
Cyber crime
Cyber harassment or cyber bullying
Cyber warfare
Cyber surveillance 
Why we should care
What makes cyber security difficult?



 3.Cyber targets
 Individual targets
Business targets
Critical infrastructure targets
Building targets
Academia & research targets
Manufacturing and industry targets



4.Cyber vulnerabilities and impacts
Cyber vulnerabilities
Cyber impacts



5.Cyber threats
Types of attacker
Motives - what drives an attacker?
Means
Cyber-attack methods
Types of cyber-attack and attack vectors
The risks of conducting a cyber-attack



6.Risk management overview
A general view of risk
Assets
Vulnerabilities
Likelihood or probability
Qualitative and quantitative assessments
The risk management process



7.Business Continuity & Disaster Recovery
Business continuity
Disaster recovery



8.Basic cyber security steps
General security advice
Technical security advice
Mobile working



9.Organisational security steps
Security policies overview
Directive policies
Administrative policies
Communal policies
Technical policies



10.Awareness and training
Awareness
Training



11.Information sharing
Trust
Information classification
Protection of shared information
Anonymisation of shared information
Routes to information sharing



Bibliography



Appendix A - Standards
Cyber security standards
ISO/IEC 27000 series standards
Other relevant ISO standards
Business continuity standards
National Institute of Standards and Technology (NIST) standards



Appendix B - Good Practice Guidelines
General cyber security advice

UK Government cyber security advice



Appendix C - Cyber Security Law
UK law
EU directives and regulations
Other relevant legislation



Appendix D - Cyber Security Training



Appendix E - Links to Other Useful Organisations