Book description
If you're a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security. InfoSec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. This essential manager's guide offers a new approach to building and maintaining an information security program that's both effective and easy to follow.
Author and longtime chief information security officer (CISO) Todd Barnum upends the assumptions security professionals take for granted. CISOs, chief security officers, chief information officers, and IT security professionals will learn a simple seven-step process for building a new program or improving a current one.
- Build better relationships across the organization
- Align your role with your company's values, culture, and tolerance for information loss
- Lay the groundwork for your security program
- Create a communications program to share your team's contributions and educate your coworkers
- Transition security functions and responsibilities to other teams
- Organize and build an effective InfoSec team
- Measure your company's ability to recognize and report security policy violations and phishing emails
Table of contents
- Why I Wrote this Book
- 1. The Odds Are Against You
- 2. The Science of Our Business: The Eight Domains
  - Why Am I Commenting on the Eight Domains?
  - Domain 1: Security and Risk Management
  - Domain 2: Asset Security
  - Domain 3: Security Engineering and Architecture
  - Domain 4: Communications and Network Security
  - Domain 5: Identity and Access Management
  - Domain 6: Security Assessment and Testing
  - Domain 7: Security Operations
  - Domain 8: Software Development Security
  - Conclusion
- 3. The Art of Our Business: The Seven Steps
- 4. Step 1: Cultivate Relationships
  - Caution: The Nature of Our Work
  - Making Relationships a Top Priority
  - Your Program Will Be Only as Good as Your Relationships
  - Relationships Aren't Sexy
  - Hiring Staff with Relationships in Mind
  - Building Strong Relationships: It Takes a Plan
  - Understanding the Value of Listening
  - Reaping the Benefits of Relationships: Teamwork
  - Fostering Special Relationships
  - Conclusion
- 5. Step 2: Ensure Alignment
- 6. Step 3: Use the Four Cornerstones to Lay the Foundation of Your Program
- 7. Step 4: Use Communications to Get the Message Out
- 8. Step 5: Give Your Job Away...It’s Your Only Hope
- 9. Step 6: Organize Your InfoSec Team
- 10. Step 7: Measure What Matters
- 11. Working with the Audit Team
- 12. A Note to CISOs
- Final Thoughts
- Index
Product information
- Title: The Cybersecurity Manager's Guide
- Author(s): Todd Barnum
- Release date: March 2021
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492076216