Ochrona danych osobowych

ISO 27001/ISO 27002. A guide to information security management systems

IT Governance Publishing, Alan Calder

This comprehensive guide demystifies the ISO 27001 and ISO 27002 standards, offering a clear roadmap to understanding, implementing, and managing an Information Security Management System (ISMS). It begins with foundational concepts, a history of ISO 27001, and introduces the ISO 27000 family. The book proceeds to cover the PDCA cycle, Annex SL structure, and the significance of shall vs. should in compliance language.Core chapters walk through ISO 27001’s clauses and requirements, from organizational context and leadership to performance evaluation and continual improvement. Annex A's security controls are explored in detail, linking theory with practical application. ISO 27002 is also thoroughly reviewed to offer guidance on selecting and implementing appropriate controls.By the end of the book, readers gain a strong understanding of ISMS design, certification processes, and control mapping. This resource supports IT managers, compliance officers, and auditors seeking to align with international security standards.

Linux Shell Scripting for Hackers. Automate and scale your hacking process with bash scripting

Valentine (Traw) Nachi, Donald A. Tevault

Mastering bash scripting is a powerful skill that separates professional hackers from the rest. This comprehensive guide explores bash scripting in depth, equipping you with the knowledge and tools you need to automate complex tasks, streamline workflows, and craft custom utilities.The book takes you on a journey through advanced scripting techniques, while helping you master the command line and use practical examples that showcase real-world applications. From automating reconnaissance processes to creating custom exploitation tools, this book provides you with the skills to tackle even the most daunting challenges. You’ll discover how to utilize bash, awk, sed, and regular expressions to manipulate data, parse logs, and extract valuable information. A dedicated section also focuses on network scripting, helping you craft scripts that interact with remote systems, scan, and gather information.By the end of this bash scripting book, you’ll be able to apply your newfound knowledge to tackle realistic scenarios, honing your skills and preparing for the front lines of cybersecurity.

Microsoft Defender for Endpoint in Depth. Take any organization's endpoint security to the next level - Second Edition

Paul Huijbregts, Ru Campbell, Joe Anich, Justen...

Modern organizations run on constantly changing endpoints, yet many teams still struggle to make Microsoft Defender for Endpoint a dependable control. Coverage gaps, noisy detections, mixed platforms, and unclear device behavior often get in the way of effective prevention, detection, and response.This second edition helps you tackle those challenges directly. Updated for today’s Defender for Endpoint and the broader Microsoft Defender ecosystem, it shows how MDE works across clients, servers, and now mobile devices, and how to align deployments with real-world constraints. New chapters on mobile threat defense, production rollout, and tuning provide practical guidance for moving beyond pilot environments, handling edge cases, and protecting critical and legacy assets.Throughout, the book brings together IT and SecOps viewpoints to help you operate Defender for Endpoint with more clarity and less friction. You’ll learn how to maintain sensor health, interpret incidents confidently, reduce noise without weakening protection, and troubleshoot recurring issues.Whether you’re refining an existing deployment or planning a new one, this edition gives you a clearer path to making Defender for Endpoint a reliable part of your security program.

Microsoft Identity and Access Administrator SC-300 Exam Guide. Pass the SC-300 exam with confidence by using exam-focused resources - Second Edition

Aaron Guilmette, James Hardiman, Doug Haven, Dwayne...

SC-300 exam content has undergone significant changes, and this second edition aligns with the revised exam objectives. This updated edition gives you access to online exam prep resources such as chapter-wise practice questions, mock exams, interactive flashcards, and expert exam tips, providing you with all the tools you need for thorough exam preparation.You’ll get to grips with the creation, configuration, and management of Microsoft Entra identities, as well as understand the planning, implementation, and management of Microsoft Entra user authentication processes. You’ll learn to deploy and use new Global Secure Access features, design cloud application strategies, and manage application access and policies by using Microsoft Cloud App Security. You’ll also gain experience in configuring Privileged Identity Management for users and guests, working with the Permissions Creep Index, and mitigating associated risks.By the end of this book, you’ll have mastered the skills essential for securing Microsoft environments and be able to pass the SC-300 exam on your first attempt.

NIST CSF 2.0. Your essential introduction to managing cybersecurity risks

IT Governance Publishing, Andrew Pattison

This comprehensive guide introduces the origins, aims, and components of the NIST Cybersecurity Framework (CSF) 2.0. It explores the core structure including functions, categories, subcategories, and profiles, and provides detailed implementation tiers and examples.Readers are then guided through a deep dive into all six framework categories—from Govern to Recover—and learn how to develop and apply risk management strategies within an organization. The content covers NIST SP 800-53, informative references, and practical quick-start guides to help translate theory into action.The final sections offer a seven-step implementation roadmap, including gap analysis, target profiles, and continuous improvement. The book concludes by mapping the CSF to international standards like ISO 27001 and ISO 22301, offering a well-rounded and interoperable cybersecurity strategy.

RODO w sieci - 17 pytań i odpowiedzi dotyczących ochrony danych przetwarzanych cyfrowo

Piotr Glen, Michał Koralewski, Maciej Lipka, Michał...

Przetwarzanie danych osobowych cyfrowo jest powszechną i wygodna praktyką dla wszystkich uczestników tego procesu. Niemniej jednak jest ono obarczone większym ryzykiem związanym z ich bezpieczeństwem np. w postaci cyberataku. To z kolei powoduje, że administratorzy danych osobowych mają dodatkowe obowiązki w tym zakresie. Sprawdź, jak przetwarzać dane na potrzeby poczty e-mail, wideokonferencji, urządzeń mobilnych, jak przesyłać dane poza obszar EOG czy też jakie są założenia aktu o usługach cyfrowych. To tylko niektóre z najistotniejszych zagadnień omówionych w tej publikacji.

Securing Industrial Control Systems and Safety Instrumented Systems. A practical guide for safeguarding mission and safety critical systems

Jalal Bouhdada, Marco Ayala

As modern process facilities become increasingly sophisticated and vulnerable to cyber threats, securing critical infrastructure is more crucial than ever. This book offers an indispensable guide to industrial cybersecurity and Safety Instrumented Systems (SIS), vital for maintaining the safety and reliability of critical systems and protecting your operations, personnel, and assets.Starting with SIS design principles, the book delves into the architecture and protocols of safety networks. It provides hands-on experience identifying vulnerabilities and potential attack vectors, exploring how attackers might target SIS components. You’ll thoroughly analyze Key SIS technologies, threat modeling, and attack techniques targeting SIS controllers and engineer workstations. The book shows you how to secure Instrument Asset Management Systems (IAMS), implement physical security measures, and apply integrated risk management methodologies. It also covers compliance with emerging cybersecurity regulations and industry standards worldwide.By the end of the book, you’ll have gained practical insights into various risk assessment methodologies and a comprehensive understanding of how to effectively protect critical infrastructure.

Security Intelligence with Sumo Logic. Your guide to an effective security detection and response program with the Sumo Logic platform

Bogdan Kireeve, Chas Clawson

Modernize your security operations with Sumo Logic’s Continuous Intelligence Platform that delivers real-time detection, analysis, and response to threats, and find out how it enables security teams to unify monitoring, apply advanced analytics, and strengthen defenses across diverse environments.Step by step, this guide takes you through configuring Sumo Logic to ingest and visualize log data, running versatile queries, and using Security Apps to meet compliance and audit demands. You’ll learn how to take full advantage of Cloud SIEM by creating enriched records, building correlation rules, proactively threat hunting, and tuning signals to reduce false positives.Beyond traditional SIEM use cases, discover how Sumo Logic supports modern DevSecOps practices that embed security into the development lifecycle without compromising delivery speed and features such as entity inventory, third-party integrations, and best practices that enhance investigation and detection accuracy.Finally, you’ll prepare for the future of security intelligence, where automation, machine learning, and AI-driven insights reshape threat defense, ensuring you’re ready to transform your security operations with Sumo Logic Cloud SIEM.*Email sign-up and proof of purchase required