{"product_id":"9781849289597","title":"Lessons Learned: Critical Information Infrastructure Protection: How to protect critical information infrastructure","description":"\u003cp\u003e\u003cem\u003e\"I loved the quotes at the beginning of each chapter – very interesting and thought-provoking. I also enjoyed the author’s style and his technical expertise shone through.\"\u003c\/em\u003e\u003cstrong\u003e\u003cem\u003e\u003cbr\u003e \u003c\/em\u003eChristopher Wright, Wright CandA Consulting Ltd\u003c\/strong\u003e\u003c\/p\u003e  \u003cp\u003e\u003cstrong\u003eUnderstand how to protect your critical information infrastructure (CII). \u003c\/strong\u003e\u003c\/p\u003e  \u003cp\u003eThis book comes with 23 key lessons, including how to:\u003c\/p\u003e  \u003cul\u003e \u003cli\u003eDescribe the critical infrastructure service and determine its service level;\u003c\/li\u003e \u003cli\u003eIdentify and analyse the interconnections and dependencies of information systems;\u003c\/li\u003e \u003cli\u003eCreate a functioning organisation to protect CII; and\u003c\/li\u003e \u003cli\u003eTrain people to make sure they are aware of cyber threats and know the correct behaviour.\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eBillions of people use the services of critical infrastructure providers, such as ambulances, hospitals, and electricity and transport networks. This number is increasing rapidly, yet there appears to be little protection for many of these services.\u003c\/p\u003e  \u003cp\u003eIT solutions have allowed organisations to increase their efficiency in order to be competitive. However, do we even know or realise what happens when IT solutions are not working – when they simply don’t function at all or not in the way we expect? This book aims to teach the IT framework from within, allowing you to reduce dependence on IT systems and put in place the necessary processes and procedures to help protect your CII.\u003c\/p\u003e  \u003cp\u003e\u003cem\u003eLessons Learned: Critical Information Infrastructure Protection\u003c\/em\u003e is aimed at people who organise the protection of critical infrastructure, such as chief executive officers, business managers, risk managers, IT managers, information security managers, business continuity managers and civil servants. Most of the principles and recommendations described are also valid in organisations that are not critical infrastructure service providers. The book covers the following:\u003c\/p\u003e  \u003cul\u003e \u003cli\u003eLesson 1: Define critical infrastructure services.\u003c\/li\u003e \u003cli\u003eLesson 2: Describe the critical infrastructure service and determine its service level.\u003c\/li\u003e \u003cli\u003eLesson 3: Define the providers of critical infrastructure services.\u003c\/li\u003e \u003cli\u003eLesson 4: Identify the critical activities, resources and responsible persons needed to provide the critical infrastructure service.\u003c\/li\u003e \u003cli\u003eLesson 5: Analyse and identify the interdependencies of services and their reliance upon power supplies.\u003c\/li\u003e \u003cli\u003eLesson 6: Visualise critical infrastructure data.\u003c\/li\u003e \u003cli\u003eLesson 7: Identify important information systems and assess their importance.\u003c\/li\u003e \u003cli\u003eLesson 8: Identify and analyse the interconnections and dependencies of information systems.\u003c\/li\u003e \u003cli\u003eLesson 9: Focus on more critical services and prioritise your activities.\u003c\/li\u003e \u003cli\u003eLesson 10: Identify threats and vulnerabilities.\u003c\/li\u003e \u003cli\u003eLesson 11: Assess the impact of service disruptions.\u003c\/li\u003e \u003cli\u003eLesson 12: Assess the risks associated with the service and information system.\u003c\/li\u003e \u003cli\u003eLesson 13: Implement the necessary security measures.\u003c\/li\u003e \u003cli\u003eLesson 14: Create a functioning organisation to protect CII.\u003c\/li\u003e \u003cli\u003eLesson 15: Follow regulations to improve the cyber resilience of critical infrastructure services.\u003c\/li\u003e \u003cli\u003eLesson 16: Assess the security level of your information systems yourself and ask external experts to assess them as well.\u003c\/li\u003e \u003cli\u003eLesson 17: Scan networks yourself and ask external experts to scan them as well to find the systems that shouldn’t be connected to the Internet but still are.\u003c\/li\u003e \u003cli\u003eLesson 18: Prepare business continuity and disaster recovery plans and test them at reasonable intervals.\u003c\/li\u003e \u003cli\u003eLesson 19: Establish reliable relations and maintain them.\u003c\/li\u003e \u003cli\u003eLesson 20: Share information and be a part of networks where information is shared.\u003c\/li\u003e \u003cli\u003eLesson 21: Train people to make sure they are aware of cyber threats and know the correct behaviour.\u003c\/li\u003e \u003cli\u003eLesson 22: If the CII protection system does not work as planned or give the desired output, make improvements.\u003c\/li\u003e \u003cli\u003eLesson 23: Be prepared to provide critical infrastructure services without IT systems. If possible, reduce dependence on IT systems. If possible, during a crisis, provide critical services at reduced functionality and\/or in reduced volumes.\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003cstrong\u003eAbout the author\u003c\/strong\u003e\u003c\/p\u003e  \u003cp\u003eToomas Viira is a highly motivated, experienced and results-orientated cyber security risk manager and IT auditor. He has more than 20 years’ experience in the IT and cyber security sectors.\u003c\/p\u003e  \u003cp\u003eIn 2005, Toomas managed the creation of CERT (Computer Emergency Response Team) Estonia, and in 2007 he was a member of the team that protected Estonia from large-scale cyber attacks. He is one of the main authors of the first Estonian Cyber Security Strategy and in 2009 was appointed head of the Critical Information Infrastructure Protection department at the Estonian Information System Authority.\u003c\/p\u003e  \u003cp\u003eToomas has managed several national-level CII projects, such as mapping, risk analysis and operators’ penetration tests, and state-level emergency risk analysis and response plan development. He holds the following certifications: CISSP®, CISA®, CISM®, CRISC™, ISO 27001 CIS LI and ITIL® Foundation. Toomas is the founder and CEO of ciipunit.com. \u003c\/p\u003e","brand":"IT Governance Publishing","offers":[{"title":"Default Title","offer_id":47153534566640,"sku":"9781849289597","price":34.99,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0737\/7593\/9824\/files\/9781849289597_p0.jpg?v=1763755632","url":"https:\/\/shop-qa.barnesandnoble.com\/products\/9781849289597","provider":"Barnes \u0026 Noble (DEV)","version":"1.0","type":"link"}