Why CISOs Fail

The Missing Link in Security Management--and How to Fix It

Author: Barak Engel

Publisher: CRC Press

ISBN: 1351986686

Category: Business & Economics

Page: 134

View: 6132

DOWNLOAD NOW »

This book serves as an introduction into the world of security and provides insight into why and how current security management practices fail, resulting in overall dissatisfaction by practitioners and lack of success in the corporate environment. The author examines the reasons and suggests how to fix them. The resulting improvement is highly beneficial to any corporation that chooses to pursue this approach or strategy and from a bottom-line and business operations perspective, not just in technical operations. This book transforms the understanding of the role of the CISO, the selection process for a CISO, and the financial impact that security plays in any organization.

Auditor Essentials

100 Concepts, Tips, Tools, and Techniques for Success

Author: Hernan Murdock

Publisher: CRC Press

ISBN: 1351712519

Category: Business & Economics

Page: 472

View: 2560

DOWNLOAD NOW »

Internal auditors must know many concepts, techniques, control frameworks, and remain knowledgeable despite the many changes occurring in the marketplace and their profession. This easy to use reference makes this process easier and ensures auditors can obtain needed information quickly and accurately. This book consists of 100 topics, concepts, tips, tools and techniques that relate to how internal auditors interact with internal constitutencies and addresses a variety of technical and non-technical subjects. Non-auditors have an easy-to-use guide that increases their understanding of what internal auditors do and how, making it easier for them to partner with them more effectively.

CISO Leadership

Essential Principles for Success

Author: Todd Fitzgerald,Micki Krause

Publisher: CRC Press

ISBN: 9780849379444

Category: Computers

Page: 312

View: 7500

DOWNLOAD NOW »

Caught in the crosshairs of “Leadership” and “Information Technology”, Information Security professionals are increasingly tapped to operate as business executives. This often puts them on a career path they did not expect, in a field not yet clearly defined. IT training does not usually includemanagerial skills such as leadership, team-building, communication, risk assessment, and corporate business savvy, needed by CISOs. Yet a lack in any of these areas can short circuit a career in information security. CISO Leadership: Essential Principles for Success captures years of hard knocks, success stories, and yes, failures. This is not a how-to book or a collection of technical data. It does not cover products or technology or provide a recapitulation of the common body of knowledge. The book delineates information needed by security leaders and includes from-the-trenches advice on how to have a successful career in the field. With a stellar panel of contributors including William H. Murray, Harry Demaio, James Christiansen, Randy Sanovic, Mike Corby, Howard Schmidt, and other thought leaders, the book brings together the collective experience of trail blazers. The authors have learned through experience—been there, done that, have the t-shirt—and yes, the scars. A glance through the contents demonstrates the breadth and depth of coverage, not only in topics included but also in expertise provided by the chapter authors. They are the pioneers, who, while initially making it up as they went along, now provide the next generation of information security professionals with a guide to success.

The Frugal CISO

Using Innovation and Smart Approaches to Maximize Your Security Posture

Author: Kerry Ann Anderson

Publisher: CRC Press

ISBN: 1482220083

Category: Business & Economics

Page: 381

View: 5572

DOWNLOAD NOW »

If you’re an information security professional today, you are being forced to address growing cyber security threats and ever-evolving compliance requirements, while dealing with stagnant and decreasing budgets. The Frugal CISO: Using Innovation and Smart Approaches to Maximize Your Security Posture describes techniques you can immediately put to use to run an effective and efficient information-security management program in today’s cost-cutting environment. The book outlines a strategy for managing the information security function in a manner that optimizes cost efficiency and results. This strategy is designed to work across a wide variety of business sectors and economic conditions and focuses on producing long-term results through investment in people and technology. The text illustrates real-world perspectives that reflect the day-to-day issues that you face in running an enterprise’s security operations. Focused on managing information security programs for long-term operational success, in terms of efficiency, effectiveness, and budgeting ability, this book will help you develop the fiscal proficiency required to navigate the budgeting process. After reading this book you will understand how to manage an information security program with a limited budget, while still maintaining an appropriate level of security controls and meeting compliance requirements. The concepts and methods identified in this book are applicable to a wide variation of teams, regardless of organizational size or budget.

The CISO Journey

Life Lessons and Concepts to Accelerate Your Professional Development

Author: Eugene M Fredriksen

Publisher: CRC Press

ISBN: 1351999877

Category: Business & Economics

Page: 320

View: 8667

DOWNLOAD NOW »

The book takes readers though a series of security and risk discussions based on real-life experiences. While the experience story may not be technical, it will relate specifically to a value or skill critical to being a successful CISO. The core content is organized into ten major chapters, each relating to a "Rule of Information Security" developed through a career of real life experiences. The elements are selected to accelerate the development of CISO skills critical to success. Each segments clearly calls out lessons learned and skills to be developed. The last segment of the book addresses presenting security to senior execs and board members, and provides sample content and materials.

Operational Assessment of IT

Author: Steve Katzman

Publisher: CRC Press

ISBN: 1498737692

Category: Computers

Page: 338

View: 8268

DOWNLOAD NOW »

Operational Assessment of IT presents ideas and concepts of optimization designed to improve an organization’s business processes and assist business units in meeting organizational goals more effectively. Rather than focus on specific technologies, computing environments, enterprise risks, resource programs, or infrastructure, the book focuses on organizational processes. Throughout the book, the author presents concerns and environments encountered throughout his career to demonstrate issues and explain how you, too, can successfully implement the tools presented in the book. The assessment process reviews the economics as well as the effectiveness and efficiency of the process. Whether your organization is profit-based, not-for-profit, or even governmental, you cannot provide services or products at a continuous loss. For an operational assessment to be of value, the ultimate goal must be to insure that the business unit process is effective and efficient and employs the financial assets and resources appropriately or helps the business unit make adjustments to improve the operation and use resources more efficiently and economically. After reading this book, you will be able to devise more efficient and economical ways to meet your customers’ requirements, no matter who or where your customers are. You will learn that the goal of any process is to service or supply customers with what they want. The book provides tools and techniques that will assist you in gaining a 360-degree view of the process so that you can help the business unit improve the delivery of a quality product or a service to the customer.

The Phoenix Project

A Novel About IT, DevOps, and Helping Your Business Win

Author: Gene Kim,Kevin Behr,Kim Spafford

Publisher: IT Revolution

ISBN: 0988262584

Category: Business & Economics

Page: 348

View: 4143

DOWNLOAD NOW »

Bill is an IT manager at Parts Unlimited. It's Tuesday morning and on his drive into the office, Bill gets a call from the CEO. The company's new IT initiative, code named Phoenix Project, is critical to the future of Parts Unlimited, but the project is massively over budget and very late. The CEO wants Bill to report directly to him and fix the mess in ninety days or else Bill's entire department will be outsourced. With the help of a prospective board member and his mysterious philosophy of The Three Ways, Bill starts to see that IT work has more in common with manufacturing plant work than he ever imagined. With the clock ticking, Bill must organize work flow, streamline interdepartmental communications, and effectively serve the other business functions at Parts Unlimited. In a fast-paced and entertaining style, three luminaries of the DevOps movement deliver a story that anyone who works in IT will recognize. Readers will not only learn how to improve their own IT organizations, they'll never view IT the same way again.

Becoming a Global Chief Security Executive Officer

A How to Guide for Next Generation Security Leaders

Author: Roland Cloutier

Publisher: Butterworth-Heinemann

ISBN: 0128027819

Category: Business & Economics

Page: 392

View: 8522

DOWNLOAD NOW »

Becoming a Global Chief Security Executive Officer provides tangible, proven, and practical approaches to optimizing the security leader’s ability to lead both today’s, and tomorrow’s, multidisciplined security, risk, and privacy function. The need for well-trained and effective executives who focus on business security, risk, and privacy has exponentially increased as the critical underpinnings of today’s businesses rely more and more on their ability to ensure the effective operation and availability of business processes and technology. Cyberattacks, e-crime, intellectual property theft, and operating globally requires sustainable security programs and operations led by executives who cannot only adapt to today’s requirements, but also focus on the future. The book provides foundational and practical methods for creating teams, organizations, services, and operations for today’s—and tomorrow’s—physical and information converged security program, also teaching the principles for alignment to the business, risk management and mitigation strategies, and how to create momentum in business operations protection. Demonstrates how to develop a security program’s business mission Provides practical approaches to organizational design for immediate business impact utilizing the converged security model Offers insights into what a business, and its board, want, need, and expect from their security executives“/li> Covers the 5 Steps to Operational Effectiveness: Cybersecurity – Corporate Security – Operational Risk – Controls Assurance – Client Focus Provides templates and checklists for strategy design, program development, measurements and efficacy assurance

Ciso Desk Reference Guide

A Practical Guide for Cisos

Author: Bill Bonney,Gary Hayslip,Matt Stamper

Publisher: N.A

ISBN: 9780997744118

Category:

Page: 400

View: 7969

DOWNLOAD NOW »

An easy to use guide written by experienced practitioners for recently-hired or promoted Chief Information Security Offices (CISOs), individuals aspiring to become a CISO, as well as business and technical professionals interested in the topic of cybersecurity, including Chief Technology Officers (CTOs), Chief Information Officers (CIOs), Boards of Directors, Chief Privacy Officers, and other executives responsible for information protection.As a desk reference guide written specifically for CISOs, we hope this book becomes a trusted resource for you, your teams, and your colleagues in the C-suite. The different perspectives can be used as standalone refreshers and the five immediate next steps for each chapter give the reader a robust set of 45 actions based on roughly 100 years of relevant experience that will help you strengthen your cybersecurity programs.

Ciso Desk Reference Guide Volume 2

A Practical Guide for Cisos

Author: Bill Bonney,Gary Hayslip,Matt Stamper

Publisher: Ciso Drg

ISBN: 9780997744149

Category:

Page: 378

View: 5794

DOWNLOAD NOW »

An easy-to-use guide written by experienced practitioners for recently-hired or promoted Chief Information Security Officers (CISOs), individuals aspiring to become a CISO, as well as business and technical professionals interested in the topic of cybersecurity, including Chief Technology Officers (CTOs), Chief Information Officers (CIOs), Boards of Directors, Chief Privacy Officers, and other executives responsible for information protection. Volume 2 of the CISO Desk Reference Guide tackles nine additional topics, including hiring the right talent, creating a cyber awareness training program, monitoring your environment, threat intelligence, continuity planning, incident response, recovering operations, forensics/post-mortem, and writing a strategic cybersecurity plan. As a desk reference guide written specifically for CISOs, we hope this book becomes a trusted resource for you, your teams, and your colleagues in the C-suite. The different perspectives can be used as standalone refreshers and the five immediate next steps for each chapter give the reader a robust set of 40 actions based on roughly 100 years of relevant experience that will help you strengthen your cybersecurity programs. We hope you like it.

Core Software Security

Security at the Source

Author: James Ransome,Anmol Misra

Publisher: CRC Press

ISBN: 1466560967

Category: Computers

Page: 416

View: 4366

DOWNLOAD NOW »

"... an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. ... Readers are armed with firm solutions for the fight against cyber threats." —Dr. Dena Haritos Tsamitis. Carnegie Mellon University "... a must read for security specialists, software developers and software engineers. ... should be part of every security professional’s library." —Dr. Larry Ponemon, Ponemon Institute "... the definitive how-to guide for software security professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield deftly outline the procedures and policies needed to integrate real security into the software development process. ...A must-have for anyone on the front lines of the Cyber War ..." —Cedric Leighton, Colonel, USAF (Ret.), Cedric Leighton Associates "Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a magic formula in this book - the methodology and process to build security into the entire software development life cycle so that the software is secured at the source! " —Eric S. Yuan, Zoom Video Communications There is much publicity regarding network security, but the real cyber Achilles’ heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software. Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant. The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source. Book Highlights: Supplies a practitioner's view of the SDL Considers Agile as a security enabler Covers the privacy elements in an SDL Outlines a holistic business-savvy SDL framework that includes people, process, and technology Highlights the key success factors, deliverables, and metrics for each phase of the SDL Examines cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework View the authors' website at http://www.androidinsecurity.com/

Cloud Security and Privacy

An Enterprise Perspective on Risks and Compliance

Author: Tim Mather,Subra Kumaraswamy,Shahed Latif

Publisher: "O'Reilly Media, Inc."

ISBN: 9781449379513

Category: Computers

Page: 338

View: 6677

DOWNLOAD NOW »

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure. Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn detailed information on cloud computing security that-until now-has been sorely lacking. Review the current state of data security and storage in the cloud, including confidentiality, integrity, and availability Learn about the identity and access management (IAM) practice for authentication, authorization, and auditing of the users accessing cloud services Discover which security management frameworks and standards are relevant for the cloud Understand the privacy aspects you need to consider in the cloud, including how they compare with traditional computing models Learn the importance of audit and compliance functions within the cloud, and the various standards and frameworks to consider Examine security delivered as a service-a different facet of cloud security

Fundamentals of Information Systems Security

Author: Kim

Publisher: Jones & Bartlett Learning

ISBN: 1284128237

Category: Medical

Page: 548

View: 2442

DOWNLOAD NOW »

Revised and updated with the latest data in the field, Fundamentals of Information Systems Security, Third Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security. The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transition to a digital world. Part 2 presents a high level overview of the Security+ Exam and provides students with information as they move toward this certification.

Ten Strategies of a World-Class Cybersecurity Operations Center

Author: Carson Zimmerman

Publisher: N.A

ISBN: 9780692243107

Category:

Page: N.A

View: 2703

DOWNLOAD NOW »

Ten Strategies of a World-Class Cyber Security Operations Center conveys MITRE's accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities of leading Cyber Security Operations Centers (CSOCs), ranging from their structure and organization, to processes that best enable smooth operations, to approaches that extract maximum value from key CSOC technology investments. This book offers perspective and context for key decision points in structuring a CSOC, such as what capabilities to offer, how to architect large-scale data collection and analysis, and how to prepare the CSOC team for agile, threat-based response. If you manage, work in, or are standing up a CSOC, this book is for you. It is also available on MITRE's website, www.mitre.org.

Managing Security and Compliance in Cloud or Virtualized Data Centers Using IBM PowerSC

Author: Axel Buecker,Fernando Costa,Rosa Davidson,Enrico Matteotti,Geraint North,David Sherwood,Simon Zaccak,IBM Redbooks

Publisher: IBM Redbooks

ISBN: 0738437670

Category: Computers

Page: 346

View: 8914

DOWNLOAD NOW »

IBM® PowerSC provides a security and compliance solution that is optimized for virtualized environments on IBM Power SystemsTM servers, running IBM PowerVM® and IBM AIX®. Security control and compliance are some of the key components that are needed to defend the virtualized data center and cloud infrastructure against ever evolving new threats. The IBM business-driven approach to enterprise security used in conjunction with solutions such as PowerSC makes IBM the premier security vendor in the market today. This IBM Redbooks® deliverable helps IT and Security managers, architects, and consultants to strengthen their security and compliance posture in a virtualized environment running IBM PowerVM.

A Few Good Words

How Internal Auditors Can Write Better, More Insightful Reports

Author: Sally F Cutler

Publisher: iUniverse

ISBN: 9781450204934

Category: Business & Economics

Page: N.A

View: 6605

DOWNLOAD NOW »

Learn key strategies and skills for writing effective internal audit reports and for managing report writers.A range of issues is covered: from organization to clarity, from tone to proofreading. Throughout, realistic examples support sound, contemporary writing theory.Cutler draws on her years of consulting with and providing training for internal auditors-as well as on her formal education in writing-to provide advice that is at once insightful and down-to-earth.A useful addition to any internal audit library, A Few Good Words will help new and experienced report writers to develop, write, and polish reports that communicate essential messages readably and persuasively. It also will help those managing report writers, providing insights on reviewing and editing as well as benchmarks for writing quality.

Auditing Cloud Computing

A Security and Privacy Guide

Author: Ben Halpert

Publisher: John Wiley & Sons

ISBN: 1118116046

Category: Business & Economics

Page: 224

View: 8773

DOWNLOAD NOW »

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment Many organizations are reporting or projecting a significant cost savings through the use of cloud computing—utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources. Provides necessary guidance to ensure auditors address security and privacy aspects that through a proper audit can provide a specified level of assurance for an organization's resources Reveals effective methods for evaluating the security and privacy practices of cloud services A cloud computing reference for auditors and IT security professionals, as well as those preparing for certification credentials, such as Certified Information Systems Auditor (CISA) Timely and practical, Auditing Cloud Computing expertly provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.

The CISO Handbook

A Practical Guide to Securing Your Company

Author: Michael Gentile,Ron Collette,Thomas D. August

Publisher: CRC Press

ISBN: 1420031376

Category: Business & Economics

Page: 352

View: 2464

DOWNLOAD NOW »

The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company’s environment. The book is presented in chapters that follow a consistent methodology – Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures to meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end-state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common business constraints. Report focuses on communicating back to the external and internal stakeholders with information that fits the various audiences. Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.

World-Class Risk Management

Author: Norman Marks

Publisher: CreateSpace

ISBN: 9781511997775

Category:

Page: 234

View: 6283

DOWNLOAD NOW »

What is world-class risk management? Why do so many top executives and board members have difficulty seeing how enterprise risk management makes a positive contribution to the success of the organization? Norman Marks is recognized as a global thought leader in risk management. He is an Honorary Fellow of the Institute of Risk Management and a Fellow of the Open Compliance and Ethics Group. A prolific blogger, author of three previous books and multiple award-winning articles, and a speaker at conferences and seminars around the world, Norman Marks is an original thinker with a business rather than a technical risk management perspective. Norman considers these key questions and provides his insights, focusing on the need to make the management of risk a key ingredient in decision-making and the running of the business. He considers not only how risk relates to objective and strategy-setting, but discusses each risk management activity from identifying to treating risk - as an integral part of day-to-day management rather than a separate, periodic exercise. The book includes a challenging and thoughtful foreword by Grant Purdy, one of the pioneers and highly-respected risk management leaders. Expert reviews include: "Whether you are a manager, an assurance provider or a risk management professional, the way Norman has written this book and the good sense it contains should cause you to rethink your understanding of risk and how you go about recognising and responding to it." - Grant Purdy "I found World-Class Risk Management an engaging and interesting read. Fair warning: This is not a text book; it is a point-of-view book. If you are only interested in preserving the status quo, I advise you to put this book down! Now! But if you welcome a challenge to your view as to how risk management should function, I encourage you to let Norman take you on a journey to world-class risk management. These changing and disruptive times require that we constantly up our game." - Jim DeLoach "In the last 6 years, Norman has evolved and challenged narrow minded views of risk management that have a bureaucratic audit or compliance-focus approach as well as academic thoughts that do little to increase the performance of an organization and create value. Today, he has gathered his current state of knowledge in risk management in his new book exploring, reviewing and questioning the concept of "World-Class Risk Management" with references to the internationally-adopted ISO 31000 risk management standard." - Alex Dali