Selling Information Security to the Board

Selling Information Security to the Board

Author: Alan Calder

Publisher: IT Governance Ltd

Published: 2017-03-31

Total Pages: 67

ISBN-13: 1849288003

DOWNLOAD EBOOK

Information technology plays a fundamental role in the operations of any modern business. While the confidentiality and integrity of your organisation's information have to be protected, a business still needs to have this information readily available in order to be able to function from day to day. If you are an information security practitioner, you need to be able to sell complex and often technical solutions to boards and management teams. Persuading the board to invest in information security measures requires sales skills. As an information security professional, you are a scientific and technical specialist; and yet you need to get your message across to people whose primary interests lie elsewhere, in turnover and overall performance. In other words, you need to develop sales and marketing skills. This pocket guide will help you with the essential sales skills that persuade company directors to commit money and resources to your information security initiatives.


The Secure Board

The Secure Board

Author: Anna Leibel

Publisher: 27 Lanterns Pty Ltd

Published: 2021-03-14

Total Pages: 122

ISBN-13: 0648973689

DOWNLOAD EBOOK

With the collective global spend on cyber security projected to reach $433bn by 2030, the impact of cyber risk - be it reputational, financial or regulatory - must now be front of mind for all Directors. Written for current and aspiring Board members, The Secure Board provides the insights you need to ask the right questions, to give you the confidence your organisation is cyber-safe. Designed to be read either in its entirety or as a reference for a specific cyber security topic on your upcoming board agenda, The Secure Board sets aside the jargon in a practical, informative guide for Directors. "I recommend The Secure Board as essential reading for all leaders. It will equip you with the knowledge and foresight to protect your information and your people." - David Thodey AO, Chair of CSIRO "[This book] will challenge you to stop, to reflect and then re-set some of your governance thinking. Anna and Claire, you have made a great contribution to the development of all Directors who choose to pick up this book." - Ken Lay AO APM FAICD, Lieutenant-Governor of Victoria Claire Pales is a best-selling author, a podcast host and Director of The Security Collective, a consulting company committed to growing and coaching information security professionals, CIOs and Boards, and helping businesses to establish exceptional information security practices. She has 17 years of experience in the security industry and leading award-winning cyber strategies throughout Australia and Asia. Anna Leibel is the founder of 110% Consulting, a Non Executive Director and senior executive across the financial services, management consulting, telecommunications and technology industries. With more than two decades in leading customer, business and digital change, she is a sought after advisor to Boards and Chief Executives on transformation, data, cyber, leadership and culture.


Cybersecurity for Business

Cybersecurity for Business

Author: Larry Clinton

Publisher: Kogan Page Publishers

Published: 2022-04-03

Total Pages: 265

ISBN-13: 1398606391

DOWNLOAD EBOOK

Balance the benefits of digital transformation with the associated risks with this guide to effectively managing cybersecurity as a strategic business issue. Important and cost-effective innovations can substantially increase cyber risk and the loss of intellectual property, corporate reputation and consumer confidence. Over the past several years, organizations around the world have increasingly come to appreciate the need to address cybersecurity issues from a business perspective, not just from a technical or risk angle. Cybersecurity for Business builds on a set of principles developed with international leaders from technology, government and the boardroom to lay out a clear roadmap of how to meet goals without creating undue cyber risk. This essential guide outlines the true nature of modern cyber risk, and how it can be assessed and managed using modern analytical tools to put cybersecurity in business terms. It then describes the roles and responsibilities each part of the organization has in implementing an effective enterprise-wide cyber risk management program, covering critical issues such as incident response, supply chain management and creating a culture of security. Bringing together a range of experts and senior leaders, this edited collection enables leaders and students to understand how to manage digital transformation and cybersecurity from a business perspective.


Cybersecurity Readiness

Cybersecurity Readiness

Author: Dave Chatterjee

Publisher: SAGE Publications

Published: 2021-02-09

Total Pages: 248

ISBN-13: 1071837354

DOWNLOAD EBOOK

"Information security has become an important and critical component of every organization. In his book, Professor Chatterjee explains the challenges that organizations experience to protect information assets. The book sheds light on different aspects of cybersecurity including a history and impact of the most recent security breaches, as well as the strategic and leadership components that help build strong cybersecurity programs. This book helps bridge the gap between academia and practice and provides important insights that may help professionals in every industry." Mauricio Angee, Chief Information Security Officer, GenesisCare USA, Fort Myers, Florida, USA "This book by Dave Chatterjee is by far the most comprehensive book on cybersecurity management. Cybersecurity is on top of the minds of board members, CEOs, and CIOs as they strive to protect their employees and intellectual property. This book is a must-read for CIOs and CISOs to build a robust cybersecurity program for their organizations." Vidhya Belapure, Chief Information Officer, Huber Engineered Materials & CP Kelco, Marietta, Georgia, USA Cybersecurity has traditionally been the purview of information technology professionals, who possess specialized knowledge and speak a language that few outside of their department can understand. In our current corporate landscape, however, cybersecurity awareness must be an organization-wide management competency in order to mitigate major threats to an organization’s well-being—and be prepared to act if the worst happens. With rapidly expanding attacks and evolving methods of attack, organizations are in a perpetual state of breach and have to deal with this existential threat head-on. Cybersecurity preparedness is a critical and distinctive competency, and this book is intended to help students and practitioners develop and enhance this capability, as individuals continue to be both the strongest and weakest links in a cyber defense system. In addition to providing the non-specialist with a jargon-free overview of cybersecurity threats, Dr. Chatterjee focuses most of the book on developing a practical and easy-to-comprehend management framework and success factors that will help leaders assess cybersecurity risks, address organizational weaknesses, and build a collaborative culture that is informed and responsive. Through brief case studies, literature review, and practical tools, he creates a manual for the student and professional alike to put into practice essential skills for any workplace.


Cyber Security

Cyber Security

Author: Phillip Ferraro

Publisher:

Published: 2016-07-06

Total Pages: 144

ISBN-13: 9781988071206

DOWNLOAD EBOOK

CYBER SECURITY will help you learn exactly what steps you, as a leader, can take to properly prepare your organization to face today's constantly evolving threat landscape. This book will help you not only understand the modern day threats, but also take action to ensure your company is safe.


Information Security Risk Management for ISO 27001/ISO 27002, third edition

Information Security Risk Management for ISO 27001/ISO 27002, third edition

Author: Alan Calder

Publisher: IT Governance Ltd

Published: 2019-08-29

Total Pages: 181

ISBN-13: 1787781372

DOWNLOAD EBOOK

Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.


IT Security Risk Control Management

IT Security Risk Control Management

Author: Raymond Pompon

Publisher: Apress

Published: 2016-09-14

Total Pages: 328

ISBN-13: 1484221400

DOWNLOAD EBOOK

Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. What You Will Learn: Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threats Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001 Calibrate the scope, and customize security controls to fit into an organization’s culture Implement the most challenging processes, pointing out common pitfalls and distractions Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice Who This Book Is For: IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals)


InfoSec Career Hacking: Sell Your Skillz, Not Your Soul

InfoSec Career Hacking: Sell Your Skillz, Not Your Soul

Author: Chris Hurley

Publisher: Elsevier

Published: 2005-06-02

Total Pages: 473

ISBN-13: 0080489036

DOWNLOAD EBOOK

"InfoSec Career Hacking starts out by describing the many, different InfoSec careers available including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs will be described in detail, allowing the reader to identify the most appropriate career choice for them. Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate form the hacker to corporate world.* The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving, hacker communities * Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies * Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career


Stop The Cyber Bleeding

Stop The Cyber Bleeding

Author: Bob Chaput

Publisher:

Published: 2020-10-07

Total Pages: 0

ISBN-13: 9781735122205

DOWNLOAD EBOOK

Protect patients from harm and defend your healthcare organization with a robust enterprise cyber risk management program. Cyber threats are ever increasing, particularly in the healthcare sector. Risks to patient safety are rising at an exponential rate, yet most healthcare organizations are underprepared to deal with these threats. Safeguarding today's patients and your organization is not just an IT problem. It's time to stop the cyber bleeding with this definitive guide to enterprise cyber risk management. Bob Chaput, a leading authority on cybersecurity and enterprise risk management, brings an essential resource for healthcare leaders and board members. Equipping leaders with the knowledge and tools to establish a robust enterprise cyber risk management (ECRM) program, this book gives valuable insight into protecting patient data, complying with regulations, and enhancing your organization's reputation and finances. Focusing on optimizing five core capabilities-sound governance, skilled people, standardized processes, enabling technology, and organization-wide engagement, this book is your guide to building a cyber risk-aware culture and protecting your organization from costly and devastating cyberattacks. In this easy-to-digest guide, learn how to: Establish, implement, and mature your organization's ECRM program as part of your overall business strategy. Understand the unique roles, responsibilities, and information needs of every executive and board member for effective ECRM oversight. Conduct thorough cyber risk assessments using the NIST risk-assessment process to identify and prioritize risks, ensuring effective resource allocation. Align cybersecurity initiatives with business goals to enhance patient safety, regulatory compliance, and organizational reputation. Implement 6 initial actions to establish or improve your ECRM program, making the process manageable and actionable. Stop the Cyber Bleeding cuts through the jargon to bring timely and practical cyber risk management into clear focus. This pragmatic road map for governing and maturing an ECRM program in today's cyber risk environment gives healthcare leaders an edge to leverage security as a competitive advantage and to enhance patient trust. Stop the Cyber Bleeding will lead your organization toward a secure and resilient future.


The CISO Evolution

The CISO Evolution

Author: Matthew K. Sharp

Publisher: John Wiley & Sons

Published: 2022-01-26

Total Pages: 423

ISBN-13: 1119782481

DOWNLOAD EBOOK

Learn to effectively deliver business aligned cybersecurity outcomes In The CISO Evolution: Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos “Rock” Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes. The authors use illustrative stories to show professionals how to establish an executive presence and avoid the most common pitfalls experienced by technology experts when speaking and presenting to executives. The book will show you how to: Inspire trust in senior business leaders by properly aligning and setting expectations around risk appetite and capital allocation Properly characterize the indispensable role of cybersecurity in your company’s overall strategic plan Acquire the necessary funding and resources for your company’s cybersecurity program and avoid the stress and anxiety that comes with underfunding Perfect for security and risk professionals, IT auditors, and risk managers looking for effective strategies to communicate cybersecurity concepts and ideas to business professionals without a background in technology. The CISO Evolution is also a must-read resource for business executives, managers, and leaders hoping to improve the quality of dialogue with their cybersecurity leaders.