UOP-CYB525: Leadership in Cybersecurity

Cybersecurity Policy and Governance, Framework

• Information Security vs. Cybersecurity Policies
• Looking at Policy Through the Ages
• Cybersecurity Policy
• Cybersecurity Policy Life Cycle
• Policy Hierarchy
• Writing Style and Technique
• Policy Format
• Confidentiality, Integrity, and Availability
• NIST's Cybersecurity Framework
• Marcus J. Carey
• Ian Anderson
• Andrew Bagrin
• Zate Berg
• Cheryl Biswas
• Keirsten Brager
• Evan Booth
• Kyle Bubp
• Lesley Carhart
• Lee Carsten
• Whitney Champion
• Ming Chow

Governance, Risk & Asset Management and Data Loss Prevention

• Understanding Cybersecurity Policies
• Cybersecurity Risk
• Information Assets and Systems
• Information Classification
• Labeling and Handling Standards
• Information Systems Inventory
• Understanding Data Loss Prevention Technologies
• Jim Christy
• Ian Coldwater
• Dan Cornell
• Kim Crawley
• Emily Crose
• Daniel Crowley
• Winnona DeSombre
• Ryan Dewhurst
• Deidre Diamond
• Ben Donnelly
• Kimber Dowsett
• Ronald Eddings

Human Resources, Physical, Environmental, Communications and Operations Security

• The Employee Life Cycle
• The Importance of Employee Agreements
• The Importance of Security Education and Training
• Understanding the Secure Facility Layered Defense Model
• Protecting Equipment
• Standard Operating Procedures
• Operational Change Control
• Malware Protection
• Data Replication
• Secure Messaging
• Activity Monitoring and Log Analysis
• Service Provider Oversight
• Threat Intelligence and Information Sharing
• Justin Elze
• Robert Graham
• Claudio Guarnieri
• Ron Gula
• Jennifer Havermann
• Teuta Hyseni
• Terence Jackson
• Ken Johnson
• David Kennedy
• Michelle Klinger
• Marina Krotofil
• Sami Laiho

Access Control and Business Continuity Management, Information Systems and Incident Response

• Access Control Fundamentals
• Infrastructure Access Controls
• User Access Controls
• System Security Requirements
• Secure Code
• Cryptography
• Incident Response
• What Happened? Investigation and Evidence Handling
• Data Breach Notification Requirements
• Emergency Preparedness
• Business Continuity Risk Management
• The Business Continuity Plan
• Plan Testing and Maintenance
• Robert M. Lee
• Kelly Lum
• Tracy Z. Maleeff
• Andy Malone
• Jeffrey Man
• Jim Manico
• Kylie Martonik
• Christina Morillo
• Kent Nabors
• Wendy Nather
• Charles Nwatu
• Davi Ottenheimer

Regulatory Compliance for Financial Institutions and Health-Care Sector

• The Gramm-Leach-Bliley Act
• New York's Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500)
• What Is a Regulatory Examination?
• Personal and Corporate Identity Theft
• The HIPAA Security Rule
• The HITECH Act and the Omnibus Rule
• Understanding the HIPAA Compliance Enforcement Process
• Brandon Perry
• Bruce Potter
• Edward Prevost
• Steve Ragan
• Stephen A. Ridley
• Tony Robinson
• David Rook
• Guillaume Ross
• Brad Schaufenbuel
• Chinyere Schwartz
• Khalil Sehnaoui
• Astha Singhal

PCI Compliance for Merchants and NIST Cybersecurity Framework

• Protecting Cardholder Data
• PCI Compliance
• Introducing the NIST Cybersecurity Framework Components
• The Framework Core
• Framework Implementation Tiers ("Tiers")
• NIST's Recommended Steps to Establish or Improve a Cybersecurity Program
• NIST's Cybersecurity Framework Reference Tool
• Adopting the NIST Cybersecurity Framework in Real Life
• Dug Song
• Jayson E. Street
• Ben Ten
• Dan Tentler
• Ben Tomhave
• Robert “TProphet” Walker
• Georgia Weidman
• Jake Williams
• Robert Willis
• Robin Wood

Appendix A: Cybersecurity Program Resources

About