Skip to Main Content
Important information: All physical goods sent to the EU will be liable for local tax payments. Read more
Books Information Security & ISO27001 Lessons Learned: Critical Information Infrastructure Protection
Lessons Learned: Critical Information Infrastructure Protection
view inside

Lessons Learned: Critical Information Infrastructure Protection - How to protect critical information infrastructure

Toomas Viira (Author)

Details

SKU: 4863
Format: Softcover
ISBN13: 9781849289573
BIC: COMPUTER SECURITY, COMPUTING & INFORMATION TECHNOLOGY
BISAC: COMPUTERS / Security / General, COMPUTERS / General, COMPUTERS / Security / Network Security
Pages: 118
Published: 23 Jan 2018
Availability: In Stock

Buying option(s)

Description

"I loved the quotes at the beginning of each chapter – very interesting and thought-provoking. I also enjoyed the author’s style and his technical expertise shone through."
Christopher Wright, Wright CandA Consulting Ltd

Protecting critical information infrastructure (CII) is not an easy process. Risks need to be minimised and systems adequately protected. It is an endless balancing act, where one side is constantly on the defensive and the other on the offensive. Lessons Learned: Critical Information Infrastructure Protection aims to help you be as successful as possible in protecting your CII, and do so quickly with minimum effort, irrespective of whether you work for a critical infrastructure service provider, a company that organises the provision of critical infrastructure services, or a company that serves critical service providers.

Drawing on more than 20 years of experience in the IT and cyber security sectors, the author defines critical infrastructure services and provides structured lessons for each chapter, summarising each with key takeaways, including how to:

  • Describe the critical infrastructure service and determine its service level;
  • Identify and analyse the interconnections and dependencies of information systems;
  • Create a functioning organisation to protect CII; and
  • Train people to make sure they are aware of cyber threats and know the correct behaviour.

The key message – organisations must be prepared to provide critical infrastructure services without IT systems – is reinforced in the final chapter: “We must have some way of continuing to work even if computers fail”, writes Mikko Hypponen.

Understand how you can protect your organisation's critical information infrastructure - buy this book today. 

Authors

About the author

Toomas Viira is a highly motivated, experienced and results-orientated cyber security risk manager and IT auditor. He has more than 20 years’ experience in the IT and cyber security sectors.

In 2005, Toomas managed the creation of CERT (Computer Emergency Response Team) Estonia, and in 2007 he was a member of the team that protected Estonia from large-scale cyber attacks. He is one of the main authors of the first Estonian Cyber Security Strategy and in 2009 was appointed head of the Critical Information Infrastructure Protection department at the Estonian Information System Authority.

Toomas has managed several national-level CII projects, such as mapping, risk analysis and operators’ penetration tests, and state-level emergency risk analysis and response plan development. He holds the following certifications: CISSP®, CISA®, CISM®, CRISC™, ISO 27001 CIS LI and ITIL® Foundation. Toomas is the founder and CEO of ciipunit.com.

Reviews

Customer Reviews

(Only registered customers can rate)
Table of contents
  • Lesson 1: Define critical infrastructure services.
  • Lesson 2: Describe the critical infrastructure service and determine its service level.
  • Lesson 3: Define the providers of critical infrastructure services.
  • Lesson 4: Identify the critical activities, resources and responsible persons needed to provide the critical infrastructure service.
  • Lesson 5: Analyse and identify the interdependencies of services and their reliance upon power supplies.
  • Lesson 6: Visualise critical infrastructure data.
  • Lesson 7: Identify important information systems and assess their importance.
  • Lesson 8: Identify and analyse the interconnections and dependencies of information systems.
  • Lesson 9: Focus on more critical services and prioritise your activities.
  • Lesson 10: Identify threats and vulnerabilities.
  • Lesson 11: Assess the impact of service disruptions.
  • Lesson 12: Assess the risks associated with the service and information system.
  • Lesson 13: Implement the necessary security measures.
  • Lesson 14: Create a functioning organisation to protect CII.
  • Lesson 15: Follow regulations to improve the cyber resilience of critical infrastructure services.
  • Lesson 16: Assess the security level of your information systems yourself and ask external experts to assess them as well.
  • Lesson 17: Scan networks yourself and ask external experts to scan them as well to find the systems that shouldn’t be connected to the Internet but still are.
  • Lesson 18: Prepare business continuity and disaster recovery plans and test them at reasonable intervals.
  • Lesson 19: Establish reliable relations and maintain them.
  • Lesson 20: Share information and be a part of networks where information is shared.
  • Lesson 21: Train people to make sure they are aware of cyber threats and know the correct behaviour.
  • Lesson 22: If the CII protection system does not work as planned or give the desired output, make improvements.
  • Lesson 23: Be prepared to provide critical infrastructure services without IT systems. If possible, reduce dependence on IT systems. If possible, during a crisis, provide critical services at reduced functionality and/or in reduced volumes.
Loading...