The Cybersecurity Manager's Guide - Helion

ebook

Autor: Todd Barnum
ISBN: 9781492076162
stron: 178, Format: ebook
Data wydania: 2021-03-18
Księgarnia: Helion

Cena książki: 126,65 zł (poprzednio: 147,27 zł)
Oszczędzasz: 14% (-20,62 zł)

Osoby, które kupiły tę książkę, wybierały także »

If you're a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security. InfoSec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. This essential manager's guide offers a new approach to building and maintaining an information security program that's both effective and easy to follow.

Author and longtime chief information security officer (CISO) Todd Barnum upends the assumptions security professionals take for granted. CISOs, chief security officers, chief information officers, and IT security professionals will learn a simple seven-step process for building a new program or improving a current one.

Build better relationships across the organization
Align your role with your company's values, culture, and tolerance for information loss
Lay the groundwork for your security program
Create a communications program to share your team's contributions and educate your coworkers
Transition security functions and responsibilities to other teams
Organize and build an effective infosec team
Measure your company's ability to recognize and report security policy violations and phishing emails

Osoby które kupowały "The Cybersecurity Manager's Guide", wybierały także:

Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker 190,00 zł, (39,90 zł -79%)
Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)

Spis treści

The Cybersecurity Manager's Guide eBook -- spis treści

Why I Wrote this Book
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
1. The Odds Are Against You
- Fact 1: Nobody Really Cares
- Fact 2: Nobody Understands
- Fact 3: Fear Drives Our Industry
- Conclusion 1: Its All Up to You
- Conclusion 2: Youll Always Be Under-Resourced
- Conclusion 3: Being Successful Requires Thoughtful Work
- Conclusion
2. The Science of Our Business:The Eight Domains
- Why Am I Commenting on the Eight Domains?
- Domain 1: Security and Risk Management
  - IT Policies and Procedures
  - Security Governance Principles
  - Risk-Based Management Concepts
  - The Other Areas in the First Domain
- Domain 2: Asset Security
- Domain 3: Security Engineering and Architecture
- Domain 4: Communications and Network Security
- Domain 5: Identity and Access Management
- Domain 6: Security Assessment and Testing
- Domain 7: Security Operations
- Domain 8: Software Development Security
- Conclusion
3. The Art of Our Business: The Seven Steps
- The Sumo Approach
- The Judo Approach
- The Seven Steps to Engage Your Organization
  - Step 1: Cultivate Relationships
  - Step 2: Ensure Alignment
  - Step 3: Use the Four Cornerstones to Lay the Groundwork for Your Program
  - Step 4: Create a Communications Plan
  - Step 5: Give Your Job Away
  - Step 6: Build Your Team
  - Step 7: Measure What Matters
- Conclusion
4. Step 1: Cultivate Relationships
- Caution: The Nature of Our Work
- Making Relationships a Top Priority
- Your Program Will Be Only as Good as Your Relationships
- Relationships Arent Sexy
- Hiring Staff with Relationships in Mind
- Building Strong Relationships: It Takes a Plan
- Understanding the Value of Listening
- Reaping the Benefits of Relationships: Teamwork
- Fostering Special Relationships
  - Legal
  - Corporate Audit
  - Corporate Security
  - Human Resources
- Conclusion
5. Step 2: Ensure Alignment
- What I Mean by Alignment
- Choosing Where to Start on Alignment
- Seeing Alignment as the Starting Point
- Determining Your Companys Risk Profile
- The Ideal Alignment
- Understanding Your Companys Unique Risk Profile
- Creating Alignment Through Councils
  - Security business council
  - Extended security council
  - Executive security council
- Recognizing Signs of Misalignment
- Conclusion
6. Step 3: Use the Four Cornerstones to Lay the Foundation of Your Program
- The Four Cornerstones
- Cornerstone 1: Documentation
  - The Charter
    - Where to begin and what to focus on
    - How to pull it together
  - Information Security Policy
    - Where to begin and what to focus on
    - Drafting and reviewing your policy
  - Security Incident Response Plan
    - Where to begin and what to focus on
    - How to write the SIRP
  - Takeaways
- Cornerstone 2: Governance
- Cornerstone 3: Security Architecture
  - What Does Architecture Look Like?
  - How to Put the Security Architecture Together
  - Whats the Outcome of Developing the Security Architecture?
- Cornerstone 4: Communications, Education, and Awareness
  - The Benefits of Training and Educating Others
- Conclusion
7. Step 4: Use Communications to Get the Message Out
- What Is a Communications Program?
- Why Is a Communications Program So Important?
- Communications Within the InfoSec Team
- The Goal and Objectives of the Communications Program
- Starting Your Communications Program
  - Not All Departments Require Equal Levels of Communication
  - Your Teams Responsibilities
- Communications at Work
  - Example 1: Training with Industry Experts
  - Example 2: Collaborative Decision Making
  - Example 3: InfoSec Campus Events
- Signs the Communications Plan Is Working
- Conclusion
8. Step 5: Give Your Job Away...Its Your Only Hope
- Giving Your Job Away, a History Lesson
  - The 1990s
  - The Early 2000s
  - The Late 2000s
  - 2010 to Today
- Understanding Your Challenge
- Relationships and the Neighborhood Watch
- The Need for Governance
- Understanding the Risks to Giving Your Job Away
  - Risky Situation 1
  - Risky Situation 2
  - Risky Situation 3
- Working with Your New Neighbors
- Helpful Hints for Working with Other Teams
- Conclusion
9. Step 6: Organize Your InfoSec Team
- Identifying the Type of Talent Youll Need
- Managing a Preexisting Team
- Where You Report in the Organization Matters
- Working with the Infrastructure Team
- Dealing with Toxic Security Leaders
- Turning Around an InfoSec Enemy
- Defining Roles and Responsibilities of Team Members
- Conclusion
10. Step 7: Measure What Matters
- Why Measure?
- Understanding What to Measure
- Recognizing Policy Violations
- The Mother of All Metrics: Phishing Tests
- Social Engineering and Staff Training
- Technology Versus Training
- Conclusion
11. Working with the Audit Team
- The Audit Team Needs Your Help to Be Effective in Cybersecurity
- A Typical Encounter with Auditors When Not Guided by InfoSec
- Partnering with the Audit Team to Influence Change
- Where Did Auditors Get Such License?
- Getting Value from an Audit
- Conclusion
12. A Note to CISOs
- Seeing the CISO as a Cultural Change Agent
- Keeping Your Sword Sharp
- Hiring Techies
- Utilising Lunches
  - Free Lunch Fridays
  - Lunches with Other Companies
- Holding Cybersecurity Conferences
- Meeting with Other CISOs
- Conclusion
Final Thoughts
- Where to Go from Here
- Conclusion
Index