If you're a leader in Cybersecurity, then you know it often seems like no one cares about--or understands--information security. Infosec professionals struggle to integrate security into their companies. Most are under resourced. Most are at odds with their organizations. There must be a better way. This essential manager's guide offers a new approach to building and maintaining an information security program that's both effective and easy to follow. Author and longtime infosec leader Todd Barnum upends the assumptions security professionals take for granted. CISOs, CSOs, CIOs, and IT security professionals will learn a simple seven-step process that will help you build a new program or improve your current program. Build better relationships with IT and other teams within your organization Align your role with your company's values, culture, and tolerance for information loss Lay the groundwork for your security program Create a communications program to share your team's contributions and educate your coworkers Transition security functions and responsibilities to other teams Organize and build an effective infosec team Measure your progress with two key metrics: your staff's ability to recognize and report security policy violations and phishing emails.
Practical guide that can be used by executives to make well-informed decisions on cybersecurity issues to better protect their business Emphasizes, in a direct and uncomplicated way, how executives can identify, understand, assess, and mitigate risks associated with cybersecurity issues Covers 'What to Do When You Get Hacked?' including Business Continuity and Disaster Recovery planning, Public Relations, Legal and Regulatory issues, and Notifications and Disclosures Provides steps for integrating cybersecurity into Strategy; Policy and Guidelines; Change Management and Personnel Management Identifies cybersecurity best practices that executives can and should use both in the office and at home to protect their vital information
Cybersecurity threats are on the rise. As a leader, you need to be prepared to keep your organization safe. Companies are investing an unprecedented amount of money to keep their data and assets safe, yet cyberattacks are on the rise--and the problem is worsening. No amount of technology, resources, or policies will reverse this trend. Only sound governance, originating with the board, can turn the tide. Protection against cyberattacks can't be treated as a problem solely belonging to an IT or cybersecurity department. It needs to cast a wide and impenetrable net that covers everything an organization does--from its business operations, models, and strategies to its products and intellectual property. And boards are in the best position to oversee the needed changes to strategy and hold their companies accountable. Not surprisingly, many boards aren't prepared to assume this responsibility. In A Leader's Guide to Cybersecurity, Thomas Parenty and Jack Domet, who have spent over three decades in the field, present a timely, clear-eyed, and actionable framework that will empower senior executives and board members to become stewards of their companies' cybersecurity activities. This includes: Understanding cyber risks and how best to control them Planning and preparing for a crisis--and leading in its aftermath Making cybersecurity a companywide initiative and responsibility Drawing attention to the nontechnical dynamics that influence the effectiveness of cybersecurity measures Aligning the board, executive leadership, and cybersecurity teams on priorities Filled with tools, best practices, and strategies, A Leader's Guide to Cybersecurity will help boards navigate this seemingly daunting but extremely necessary transition.
Successfully responding to modern cybersecurity threats requires a well-planned, organized, and tested incident management program based on a formal incident management framework. It must be comprised of technical and non-technical requirements and planning for all aspects of people, process, and technology. This includes evolving considerations specific to the customer environment, threat landscape, regulatory requirements, and security controls. Only through a highly adaptive, iterative, informed, and continuously evolving full-lifecycle incident management program can responders and the companies they support be successful in combatting cyber threats. This book is the first in a series of volumes that explains in detail the full-lifecycle cybersecurity incident management program. It has been developed over two decades of security and response experience and honed across thousands of customer environments, incidents, and program development projects. It accommodates all regulatory and security requirements and is effective against all known and newly evolving cyber threats.
In today’s litigious business world, cyber-related matters could land you in court. As a computer security professional, you are protecting your data, but are you protecting your company? While you know industry standards and regulations, you may not be a legal expert. Fortunately, in a few hours of reading, rather than months of classroom study, Tari Schreider’s The Manager’s Guide to Cybersecurity Law: Essentials for Today’s Business, lets you integrate legal issues into your security program. Tari Schreider, a board-certified information security practitioner with a criminal justice administration background, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity law. He says, “My nearly 40 years in the fields of cybersecurity, risk management, and disaster recovery have taught me some immutable truths. One of these truths is that failure to consider the law when developing a cybersecurity program results in a protective façade or false sense of security.” In a friendly style, offering real-world business examples from his own experience supported by a wealth of court cases, Schreider covers the range of practical information you will need as you explore – and prepare to apply – cybersecurity law. His practical, easy-to-understand explanations help you to: Understand your legal duty to act reasonably and responsibly to protect assets and information. Identify which cybersecurity laws have the potential to impact your cybersecurity program. Upgrade cybersecurity policies to comply with state, federal, and regulatory statutes. Communicate effectively about cybersecurity law with corporate legal department and counsel. Understand the implications of emerging legislation for your cybersecurity program. Know how to avoid losing a cybersecurity court case on procedure – and develop strategies to handle a dispute out of court. Develop an international view of cybersecurity and data privacy – and international legal frameworks. Schreider takes you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and legal jurisdictions. Hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies. This book needs to be required reading before your next discussion with your corporate legal department.
The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations. The book is based on the belief that ICT operation is a strategic governance issue rather than a technical concern. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of ICT governance and enterprise-wide frameworks to guide the implementation of integrated security controls are critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats. The ICT governance and control process establishes a complete and correct set of managerial and technical control behaviors that ensures reliable monitoring and control of ICT operations. The body of knowledge for doing that is explained in this text. This body of knowledge process applies to all operational aspects of ICT responsibilities ranging from upper management policy making and planning, all the way down to basic technology operation.
The maritime industry is thousands of years old. The shipping industry, which includes both ships and ports, follows practices that are as old as the industry itself, yet relies on decades-old information technologies to protect its assets. Computers have only existed for the last 60 years and computer networks for 40. Today, we find an industry with rich tradition, colliding with new types of threats, vulnerabilities, and exposures. This book explores cybersecurity aspects of the maritime transportation sector and the threat landscape that seeks to do it harm.
Cybersecurity Operations Handbook is the first book for daily operations teams who install, operate and maintain a range of security technologies to protect corporate infrastructure. Written by experts in security operations, this book provides extensive guidance on almost all aspects of daily operational security, asset protection, integrity management, availability methodology, incident response and other issues that operational teams need to know to properly run security products and services in a live environment. Provides a master document on Mandatory FCC Best Practices and complete coverage of all critical operational procedures for meeting Homeland Security requirements.·First book written for daily operations teams·Guidance on almost all aspects of daily operational security, asset protection, integrity management·Critical information for compliance with Homeland Security
As a security professional, have you found that you and others in your company do not always define “security” the same way? Perhaps security interests and business interests have become misaligned. Brian Allen and Rachelle Loyear offer a new approach: Enterprise Security Risk Management (ESRM). By viewing security through a risk management lens, ESRM can help make you and your security program successful. In their long-awaited book, based on years of practical experience and research, Brian Allen and Rachelle Loyear show you step-by-step how Enterprise Security Risk Management (ESRM) applies fundamental risk principles to manage all security risks. Whether the risks are informational, cyber, physical security, asset management, or business continuity, all are included in the holistic, all-encompassing ESRM approach which will move you from task-based to risk-based security. How is ESRM familiar? As a security professional, you may already practice some of the components of ESRM. Many of the concepts – such as risk identification, risk transfer and acceptance, crisis management, and incident response – will be well known to you. How is ESRM new? While many of the principles are familiar, the authors have identified few organizations that apply them in the comprehensive, holistic way that ESRM represents – and even fewer that communicate these principles effectively to key decision-makers. How is ESRM practical? ESRM offers you a straightforward, realistic, actionable approach to deal effectively with all the distinct types of security risks facing you as a security practitioner. ESRM is performed in a life cycle of risk management including: Asset assessment and prioritization. Risk assessment and prioritization. Risk treatment (mitigation). Continuous improvement. Throughout Enterprise Security Risk Management: Concepts and Applications, the authors give you the tools and materials that will help you advance you in the security field, no matter if you are a student, a newcomer, or a seasoned professional. Included are realistic case studies, questions to help you assess your own security program, thought-provoking discussion questions, useful figures and tables, and references for your further reading. By redefining how everyone thinks about the role of security in the enterprise, your security organization can focus on working in partnership with business leaders and other key stakeholders to identify and mitigate security risks. As you begin to use ESRM, following the instructions in this book, you will experience greater personal and professional satisfaction as a security professional – and you’ll become a recognized and trusted partner in the business-critical effort of protecting your enterprise and all its assets.
Kickstart a career in cybersecurity by adapting your existing technical and non-technical skills. Author Alyssa Miller has spent fifteen years in cybersecurity leadership and talent development, and shares her unique perspective in this revealing industry guide. In Cybersecurity Career Guide you will learn: Self-analysis exercises to find your unique capabilities and help you excel in cybersecurity How to adapt your existing skills to fit a cybersecurity role Succeed at job searches, applications, and interviews to receive valuable offers Ways to leverage professional networking and mentoring for success and career growth Building a personal brand and strategy to stand out from other applicants Overcoming imposter syndrome and other personal roadblocks Cybersecurity Career Guide unlocks your pathway to becoming a great security practitioner. You’ll learn how to reliably enter the security field and quickly grow into your new career, following clear, practical advice that’s based on research and interviews with hundreds of hiring managers. Practical self-analysis exercises identify gaps in your resume, what makes you valuable to an employer, and what you want out of your career in cyber. You’ll assess the benefits of all major professional qualifications, and get practical advice on relationship building with mentors. About the technology Do you want a rewarding job in cybersecurity? Start here! This book highlights the full range of exciting security careers and shows you exactly how to find the role that’s perfect for you. You’ll go through all the steps—from building the right skills to acing the interview. Author and infosec expert Alyssa Miller shares insights from fifteen years in cybersecurity that will help you begin your new career with confidence. About the book Cybersecurity Career Guide shows you how to turn your existing technical skills into an awesome career in information security. In this practical guide, you’ll explore popular cybersecurity jobs, from penetration testing to running a Security Operations Center. Actionable advice, self-analysis exercises, and concrete techniques for building skills in your chosen career path ensure you’re always taking concrete steps towards getting hired. What's inside Succeed at job searches, applications, and interviews Building your professional networking and finding mentors Developing your personal brand Overcoming imposter syndrome and other roadblocks About the reader For readers with general technical skills who want a job in cybersecurity. About the author Alyssa Miller has fifteen years of experience in the cybersecurity industry, including penetration testing, executive leadership, and talent development. Table of Contents PART 1 EXPLORING CYBERSECURITY CAREERS 1 This thing we call cybersecurity 2 The cybersecurity career landscape 3 Help wanted, skills in a hot market PART 2 PREPARING FOR AND MASTERING YOUR JOB SEARCH 4 Taking the less traveled path 5 Addressing your capabilities gap 6 Resumes, applications, and interviews PART 3 BUILDING FOR LONG-TERM SUCCESS 7 The power of networking and mentorship 8 The threat of impostor syndrome 9 Achieving success
