Building a Corporate Culture of Security

Author: John Sullivant

Publisher: Butterworth-Heinemann

Published: 2016-02-24

Total Pages: 300

ISBN-13: 012802058X

Building a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency provides readers with the proven strategies, methods, and techniques they need to present ideas and a sound business case for improving or enhancing security resilience to senior management. Presented from the viewpoint of a leading expert in the field, the book offers proven and integrated strategies that convert threats, hazards, risks, and vulnerabilities into actionable security solutions, thus enhancing organizational resiliency in ways that executive management will accept. The book delivers a much-needed look into why some corporate security practices programs work and others don't. Offering the tools necessary for anyone in the organization charged with security operations, Building a Corporate Culture of Security provides practical and useful guidance on handling security issues corporate executives hesitate to address until it's too late.

- Provides a comprehensive understanding of the root causes of the most common security vulnerabilities that impact organizations and strategies for their early detection and prevention
- Offers techniques for security managers on how to establish and maintain effective communications with executives, especially when bringing security weakness--and solutions--to them
- Outlines a strategy for determining the value and contribution of protocols to the organization, how to detect gaps, duplications and omissions from those protocols, and how to improve their purpose and usefulness
- Explores strategies for building professional competencies; managing security operations, and assessing risks, threats, vulnerabilities, and consequences
- Shows how to establish a solid foundation for the layering of security and building a resilient protection-in-depth capability that benefits the entire organization
- Offers appendices with proven risk management and risk-based metric frameworks and architecture platforms


Build a Security Culture

Author: Kai Roer

Publisher: IT Governance Ltd

Published: 2015-03-12

Total Pages: 122

ISBN-13: 1849287171

Understand how to create a culture that promotes cyber security within the workplace. Using his own experiences, the author highlights the underlying cause for many successful and easily preventable attacks.


Building a Cybersecurity Culture in Organizations

Author: Isabella Corradini

Publisher: Springer Nature

Published: 2020-04-29

Total Pages: 144

ISBN-13: 3030439992

This book offers a practice-oriented guide to developing an effective cybersecurity culture in organizations. It provides a psychosocial perspective on common cyberthreats affecting organizations, and presents practical solutions for leveraging employees’ attitudes and behaviours in order to improve security. Cybersecurity, as well as the solutions used to achieve it, has largely been associated with technologies. In contrast, this book argues that cybersecurity begins with improving the connections between people and digital technologies. By presenting a comprehensive analysis of the current cybersecurity landscape, the author discusses, based on literature and her personal experience, human weaknesses in relation to security and the advantages of pursuing a holistic approach to cybersecurity, and suggests how to develop cybersecurity culture in practice. Organizations can improve their cyber resilience by adequately training their staff. Accordingly, the book also describes a set of training methods and tools. Further, ongoing education programmes and effective communication within organizations are considered, showing that they can become key drivers for successful cybersecurity awareness initiatives. When properly trained and actively involved, human beings can become the true first line of defence for every organization.


Rational Cybersecurity for Business

Author: Dan Blum

Publisher: Apress

Published: 2020-06-27

Total Pages: 330

ISBN-13: 9781484259511

Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team. Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges. This book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included. 

What You Will Learn

- Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy
- Develop a consistent accountability model, information risk taxonomy, and risk management framework
- Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend
- Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets
- Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more
- Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities
- Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger
- Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan

Who This Book Is For

Chief Information Security Officers (CISOs) and other heads of security, security directors and managers, security architects and project leads, and other team members providing security leadership to your business


Cyber Security Culture

Author: Dr Peter Trim

Publisher: Gower Publishing, Ltd.

Published: 2013-05-28

Total Pages: 301

ISBN-13: 1409474577

Focusing on countermeasures against orchestrated cyber-attacks, Cyber Security Culture is research-based and reinforced with insights from experts who do not normally release information into the public arena. It will enable managers of organizations across different industrial sectors and government agencies to better understand how organizational learning and training can be utilized to develop a culture that ultimately protects an organization from attacks. Peter Trim and David Upton believe that the speed and complexity of cyber-attacks demand a different approach to security management, including scenario-based planning and training, to supplement security policies and technical protection systems. The authors provide in-depth understanding of how organizational learning can produce cultural change addressing the behaviour of individuals, as well as machines. They provide information to help managers form policy to prevent cyber intrusions, to put robust security systems and procedures in place and to arrange appropriate training interventions such as table top exercises. Guidance embracing current and future threats and addressing issues such as social engineering is included. Although the work is embedded in a theoretical framework, non-technical staff will find the book of practical use because it renders highly technical subjects accessible and links firmly with areas beyond ICT, such as human resource management - in relation to bridging the education/training divide and allowing organizational learning to be embraced. This book will interest Government officials, policy advisors, law enforcement officers and senior managers within companies, as well as academics and students in a range of disciplines including management and computer science.


The Art of Business Value

Author: Mark Schwartz

Publisher: IT Revolution

Published: 2016-04-07

Total Pages: 163

ISBN-13: 1942788053

Do you really understand what business value is? Information technology can and should deliver business value. But the Agile literature has paid scant attention to what business value means—and how to know whether or not you are delivering it. This problem becomes ever more critical as you push value delivery toward autonomous teams and away from requirements “tossed over the wall” by business stakeholders. An empowered team needs to understand its goal! Playful and thought-provoking, The Art of Business Value explores what business value means, why it matters, and how it should affect your software development and delivery practices. More than any other IT delivery approach, DevOps (and Agile thinking in general) makes business value a central concern. This book examines the role of business value in software and makes a compelling case for why a clear understanding of business value will change the way you deliver software. This book will make you think deeply about not only what it means to deliver value but also the relationship of the IT organization to the rest of the enterprise. It will give you the language to discuss value with the business, methods to cut through bureaucracy, and strategies for incorporating Agile teams and culture into the enterprise. Most of all, this book will startle you into new ways of thinking about the cutting-edge of Agile practice and where it may lead.


People-Centric Security: Transforming Your Enterprise Security Culture

Author: Lance Hayden

Publisher: McGraw Hill Professional

Published: 2015-09-25

Total Pages: 416

ISBN-13: 0071846794

A culture hacking how-to complete with strategies, techniques, and resources for securing the most volatile element of information security—humans

People-Centric Security: Transforming Your Enterprise Security Culture addresses the urgent need for change at the intersection of people and security. Essentially a complete security culture toolkit, this comprehensive resource provides you with a blueprint for assessing, designing, building, and maintaining human firewalls. Globally recognized information security expert Lance Hayden lays out a course of action for drastically improving organizations’ security cultures through the precise use of mapping, survey, and analysis. You’ll discover applied techniques for embedding strong security practices into the daily routines of IT users and learn how to implement a practical, executable, and measurable program for human security.

- Features downloadable mapping and surveying templates
- Case studies throughout showcase the methods explained in the book
- Valuable appendices detail security tools and cultural threat and risk modeling
- Written by an experienced author and former CIA human intelligence officer


Keeping Patients Safe

Author: Institute of Medicine

Publisher: National Academies Press

Published: 2004-03-27

Total Pages: 485

ISBN-13: 0309187362

Building on the revolutionary Institute of Medicine reports To Err is Human and Crossing the Quality Chasm, Keeping Patients Safe lays out guidelines for improving patient safety by changing nurses' working conditions and demands. Licensed nurses and unlicensed nursing assistants are critical participants in our national effort to protect patients from health care errors. The nature of the activities nurses typically perform – monitoring patients, educating home caretakers, performing treatments, and rescuing patients who are in crisis – provides an indispensable resource in detecting and remedying error-producing defects in the U.S. health care system. During the past two decades, substantial changes have been made in the organization and delivery of health care – and consequently in the job description and work environment of nurses. As patients are increasingly cared for as outpatients, nurses in hospitals and nursing homes deal with greater severity of illness. Problems in management practices, employee deployment, work and workspace design, and the basic safety culture of health care organizations place patients at further risk. This newest edition in the groundbreaking Institute of Medicine Quality Chasm series discusses the key aspects of the work environment for nurses and reviews the potential improvements in working conditions that are likely to have an impact on patient safety.


The Future of Work

Author: Jacob Morgan

Publisher: John Wiley & Sons

Published: 2014-08-25

Total Pages: 261

ISBN-13: 1118877241

Throughout the history of business employees had to adapt to managers and managers had to adapt to organizations. In the future this is reversed with managers and organizations adapting to employees. This means that in order to succeed and thrive organizations must rethink and challenge everything they know about work. The demographics of employees are changing and so are employee expectations, values, attitudes, and styles of working. Conventional management models must be replaced with leadership approaches adapted to the future employee. Organizations must also rethink their traditional structure, how they empower employees, and what they need to do to remain competitive in a rapidly changing world. This is a book about how employees of the future will work, how managers will lead, and what organizations of the future will look like. The Future of Work will help you:

- Stay ahead of the competition
- Create better leaders
- Tap into the freelancer economy
- Attract and retain top talent
- Rethink management
- Structure effective teams
- Embrace flexible work environments
- Adapt to the changing workforce
- Build the organization of the future
- And more

The book features uncommon examples and easy to understand concepts which will challenge and inspire you to work differently.


Transformational Security Awareness

Author: Perry Carpenter

Publisher: John Wiley & Sons

Published: 2019-05-21

Total Pages: 375

ISBN-13: 1119566347

Expert guidance on the art and science of driving secure behaviors

Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change. When all other processes, controls, and technologies fail, humans are your last line of defense. But, how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That’s what Transformational Security Awareness is all about. Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization.

- Find out what you need to know about marketing, communication, behavior science, and culture management
- Overcome the knowledge-intention-behavior gap
- Optimize your program to work with the realities of human nature
- Use simulations, games, surveys, and leverage new trends like escape rooms to teach security awareness
- Put effective training together into a well-crafted campaign with ambassadors
- Understand the keys to sustained success and ongoing culture change
- Measure your success and establish continuous improvements

Do you care more about what your employees know or what they do? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leaves your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.