Security Leader Insights for Information Protection

Security Leader Insights for Information Protection
Author: Bob Fahy
Publsiher: Elsevier Science Limited
Total Pages: 74
Release: 2014-06-01
ISBN 10: 9780128008430
ISBN 13: 0128008431
Language: EN, FR, DE, ES & NL

Security Leader Insights for Information Protection Book Review:

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation's most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security's role in information protection. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. It includes chapters on the collaboration between corporate and information security, emerging issues in information protection, and information protection regulations and standards. Security Leader Insights for Information Protection is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. Can be used to find illustrations and examples you can use to deal with a relevant issue. Brings together the diverse experiences of proven security leaders in one easy-to-read resource.

Security Leader Insights for Information Protection

Security Leader Insights for Information Protection
Author: Bob Fahy
Publsiher: Elsevier
Total Pages: 74
Release: 2014-05-24
ISBN 10: 0128009071
ISBN 13: 9780128009079
Language: EN, FR, DE, ES & NL

Security Leader Insights for Information Protection Book Review:

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Information Protection, a collection of timeless leadership best practices featuring insights from some of the nation’s most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security’s role in information protection. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. It includes chapters on the collaboration between corporate and information security, emerging issues in information protection, and information protection regulations and standards. Security Leader Insights for Information Protection is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. Can be used to find illustrations and examples you can use to deal with a relevant issue. Brings together the diverse experiences of proven security leaders in one easy-to-read resource.

Security Leader Insights for Business Continuity

Security Leader Insights for Business Continuity
Author: Phil Hopkins
Publsiher: Elsevier
Total Pages: 64
Release: 2014-09-11
ISBN 10: 0128009039
ISBN 13: 9780128009031
Language: EN, FR, DE, ES & NL

Security Leader Insights for Business Continuity Book Review:

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Business Continuity, a collection of timeless leadership best practices featuring insights from some of the nation’s most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security’s role in business continuity. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. It includes chapters on the business resiliency and emergency preparedness, leading during a crisis, corporate social responsibility, and the Voluntary Private Sector Preparedness Certification Program. Security Leader Insights for Business Continuity is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real-world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. Can be used to find illustrations and examples you can use to deal with a relevant issue. Brings together the diverse experiences of proven security leaders in one easy-to-read resource.

Security Leader Insights for Risk Management

Security Leader Insights for Risk Management
Author: Richard Chase
Publsiher: Elsevier
Total Pages: 60
Release: 2014-08-27
ISBN 10: 0128009047
ISBN 13: 9780128009048
Language: EN, FR, DE, ES & NL

Security Leader Insights for Risk Management Book Review:

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Risk Management, a collection of timeless leadership best practices featuring insights from some of the nation’s most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security’s role in risk management. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. Part one looks at the risk assessment and subtopics such as compliance, using risk assessments to increase security’s influence, and risk indicator dashboards. Part two discusses risk management topics such as board-level risk, global risk, risk appetite, and enterprise risk management (ERM). Security Leader Insights for Risk Management is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real-world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. Can be used to find illustrations and examples you can use to deal with a relevant issue. Brings together the diverse experiences of proven security leaders in one easy-to-read resource.

CISO COMPASS

CISO COMPASS
Author: Todd Fitzgerald
Publsiher: CRC Press
Total Pages: 526
Release: 2018-11-21
ISBN 10: 0429677839
ISBN 13: 9780429677830
Language: EN, FR, DE, ES & NL

CISO COMPASS Book Review:

Todd Fitzgerald, co-author of the ground-breaking (ISC)2 CISO Leadership: Essential Principles for Success, Information Security Governance Simplified: From the Boardroom to the Keyboard, co-author for the E-C Council CISO Body of Knowledge, and contributor to many others including Official (ISC)2 Guide to the CISSP CBK, COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamental Certification, is back with this new book incorporating practical experience in leading, building, and sustaining an information security/cybersecurity program. CISO COMPASS includes personal, pragmatic perspectives and lessons learned of over 75 award-winning CISOs, security leaders, professional association leaders, and cybersecurity standard setters who have fought the tough battle. Todd has also, for the first time, adapted the McKinsey 7S framework (strategy, structure, systems, shared values, staff, skills and style) for organizational effectiveness to the practice of leading cybersecurity to structure the content to ensure comprehensive coverage by the CISO and security leaders to key issues impacting the delivery of the cybersecurity strategy and demonstrate to the Board of Directors due diligence. The insights will assist the security leader to create programs appreciated and supported by the organization, capable of industry/ peer award-winning recognition, enhance cybersecurity maturity, gain confidence by senior management, and avoid pitfalls. The book is a comprehensive, soup-to-nuts book enabling security leaders to effectively protect information assets and build award-winning programs by covering topics such as developing cybersecurity strategy, emerging trends and technologies, cybersecurity organization structure and reporting models, leveraging current incidents, security control frameworks, risk management, laws and regulations, data protection and privacy, meaningful policies and procedures, multi-generational workforce team dynamics, soft skills, and communicating with the Board of Directors and executive management. The book is valuable to current and future security leaders as a valuable resource and an integral part of any college program for information/ cybersecurity.

Security Leader Insights for Success

Security Leader Insights for Success
Author: Dave Komendat
Publsiher: Elsevier
Total Pages: 140
Release: 2014-03-06
ISBN 10: 012800908X
ISBN 13: 9780128009086
Language: EN, FR, DE, ES & NL

Security Leader Insights for Success Book Review:

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Success, a collection of timeless leadership best practices featuring insights from some of the nation’s most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on leadership issues. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. Security Leader Insights for Success is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. Can be used to find illustrations and examples you can use to deal with a relevant issue. Brings together the diverse experiences of proven security leaders in one easy-to-read resource.

Security Leader Insights for Effective Management

Security Leader Insights for Effective Management
Author: Randy Harrison
Publsiher: Elsevier
Total Pages: 108
Release: 2014-05-23
ISBN 10: 0128009063
ISBN 13: 9780128009062
Language: EN, FR, DE, ES & NL

Security Leader Insights for Effective Management Book Review:

How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Effective Management, a collection of timeless leadership best practices featuring insights from some of the nation’s most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on topics such as the characteristics of effective security leaders and programs, leading through difficult times, budget issues, and aligning security with business goals. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. Security Leader Insights for Effective Management is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders. Can be used to find illustrations and examples you can use to deal with a relevant issue. Brings together the diverse experiences of proven security leaders in one easy-to-read resource.

Impact of Emerging Digital Technologies on Leadership in Global Business

Impact of Emerging Digital Technologies on Leadership in Global Business
Author: Smith, Peter A.C.
Publsiher: IGI Global
Total Pages: 327
Release: 2014-06-30
ISBN 10: 1466661356
ISBN 13: 9781466661356
Language: EN, FR, DE, ES & NL

Impact of Emerging Digital Technologies on Leadership in Global Business Book Review:

To be successful, business leaders should be familiar with the emerging digital technologies that are contributing to the global business environment. All leaders must develop fresh capabilities if they are to successfully direct their communities through the emerging era of social digital connectivity and global dynamic complexity. Impact of Emerging Digital Technologies on Leadership in Global Business combines relevant theoretical and practical frameworks with the latest research and best practices regarding emergent digital technologies. This book is an essential reference source for professionals, researchers, academics, and students who want to improve their understanding of the strategic role of emerging digital technologies in the success of global business.

Information Security Essentials

Information Security Essentials
Author: Susan E. McGregor
Publsiher: Columbia University Press
Total Pages: 135
Release: 2021-06-01
ISBN 10: 0231549776
ISBN 13: 9780231549776
Language: EN, FR, DE, ES & NL

Information Security Essentials Book Review:

As technological and legal changes have hollowed out the protections that reporters and news organizations have depended upon for decades, information security concerns facing journalists as they report, produce, and disseminate the news have only intensified. From source prosecutions to physical attacks and online harassment, the last two decades have seen a dramatic increase in the risks faced by journalists at all levels even as the media industry confronts drastic cutbacks in budgets and staff. As a result, few professional or aspiring journalists have a comprehensive understanding of what is required to keep their sources, stories, colleagues, and reputations safe. This book is an essential guide to protecting news writers, sources, and organizations in the digital era. Susan E. McGregor provides a systematic understanding of the key technical, legal, and conceptual issues that anyone teaching, studying, or practicing journalism should know. Bringing together expert insights from both leading academics and security professionals who work at and with news organizations from BuzzFeed to the Associated Press, she lays out key principles and approaches for building information security into journalistic practice. McGregor draws on firsthand experience as a Wall Street Journal staffer, followed by a decade of researching, testing, and developing information security tools and practices. Filled with practical but evergreen advice that can enhance the security and efficacy of everything from daily beat reporting to long-term investigative projects, Information Security Essentials is a vital tool for journalists at all levels.

Global Business Leadership Development for the Fourth Industrial Revolution

Global Business Leadership Development for the Fourth Industrial Revolution
Author: Smith, Peter,Cockburn, Tom
Publsiher: IGI Global
Total Pages: 425
Release: 2020-09-25
ISBN 10: 1799848620
ISBN 13: 9781799848622
Language: EN, FR, DE, ES & NL

Global Business Leadership Development for the Fourth Industrial Revolution Book Review:

As the world has adapted to the age of digital technology, present day business leaders are required to change with the times as well. Addressing and formatting their business practices to not only encompass digital technologies, but expand their capabilities, the leaders of today must be flexible and willing to familiarize themselves with all types of global business practices. Global Business Leadership Development for the Fourth Industrial Revolution is a collection of advanced research on the methods and tactics utilized to succeed as a leader in the digital age. While highlighting topics including data privacy, corporate governance, and risk management, this book is ideally designed for business professionals, administrators, managers, executives, researchers, academicians, and business students who want to improve their understanding of the strategic role of digital technologies in the global economy, in networks and organizations, in teams and work groups, in information systems, and at the level of individuals as actors in digitally networked environments

Becoming a Global Chief Security Executive Officer

Becoming a Global Chief Security Executive Officer
Author: Roland Cloutier
Publsiher: Butterworth-Heinemann
Total Pages: 392
Release: 2015-10-13
ISBN 10: 0128027819
ISBN 13: 9780128027813
Language: EN, FR, DE, ES & NL

Becoming a Global Chief Security Executive Officer Book Review:

Becoming a Global Chief Security Executive Officer provides tangible, proven, and practical approaches to optimizing the security leader’s ability to lead both today’s, and tomorrow’s, multidisciplined security, risk, and privacy function. The need for well-trained and effective executives who focus on business security, risk, and privacy has exponentially increased as the critical underpinnings of today’s businesses rely more and more on their ability to ensure the effective operation and availability of business processes and technology. Cyberattacks, e-crime, intellectual property theft, and operating globally requires sustainable security programs and operations led by executives who cannot only adapt to today’s requirements, but also focus on the future. The book provides foundational and practical methods for creating teams, organizations, services, and operations for today’s—and tomorrow’s—physical and information converged security program, also teaching the principles for alignment to the business, risk management and mitigation strategies, and how to create momentum in business operations protection. Demonstrates how to develop a security program’s business mission Provides practical approaches to organizational design for immediate business impact utilizing the converged security model Offers insights into what a business, and its board, want, need, and expect from their security executives“/li> Covers the 5 Steps to Operational Effectiveness: Cybersecurity – Corporate Security – Operational Risk – Controls Assurance – Client Focus Provides templates and checklists for strategy design, program development, measurements and efficacy assurance

Proceedings of the 3rd International Conference on Building Innovations

Proceedings of the 3rd International Conference on Building Innovations
Author: Volodymyr Onyshchenko
Publsiher: Springer Nature
Total Pages: 135
Release: 2022
ISBN 10: 3030850439
ISBN 13: 9783030850432
Language: EN, FR, DE, ES & NL

Proceedings of the 3rd International Conference on Building Innovations Book Review:

Managing Risk and Information Security

Managing Risk and Information Security
Author: Malcolm Harkins
Publsiher: Apress
Total Pages: 152
Release: 2012-12-17
ISBN 10: 9781430251132
ISBN 13: 1430251131
Language: EN, FR, DE, ES & NL

Managing Risk and Information Security Book Review:

Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think. Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods – from dealing with the misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession – and should be on the desk of every CISO in the world.” Dave Cullinane, CISSP CEO Security Starfish, LLC “In this overview, Malcolm Harkins delivers an insightful survey of the trends, threats, and tactics shaping information risk and security. From regulatory compliance to psychology to the changing threat context, this work provides a compelling introduction to an important topic and trains helpful attention on the effects of changing technology and management practices.” Dr. Mariano-Florentino Cuéllar Professor, Stanford Law School Co-Director, Stanford Center for International Security and Cooperation (CISAC), Stanford University “Malcolm Harkins gets it. In his new book Malcolm outlines the major forces changing the information security risk landscape from a big picture perspective, and then goes on to offer effective methods of managing that risk from a practitioner's viewpoint. The combination makes this book unique and a must read for anyone interested in IT risk." Dennis Devlin AVP, Information Security and Compliance, The George Washington University “Managing Risk and Information Security is the first-to-read, must-read book on information security for C-Suite executives. It is accessible, understandable and actionable. No sky-is-falling scare tactics, no techno-babble – just straight talk about a critically important subject. There is no better primer on the economics, ergonomics and psycho-behaviourals of security than this.” Thornton May, Futurist, Executive Director & Dean, IT Leadership Academy “Managing Risk and Information Security is a wake-up call for information security executives and a ray of light for business leaders. It equips organizations with the knowledge required to transform their security programs from a “culture of no” to one focused on agility, value and competitiveness. Unlike other publications, Malcolm provides clear and immediately applicable solutions to optimally balance the frequently opposing needs of risk reduction and business growth. This book should be required reading for anyone currently serving in, or seeking to achieve, the role of Chief Information Security Officer.” Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA “For too many years, business and security – either real or imagined – were at odds. In Managing Risk and Information Security: Protect to Enable, you get what you expect – real life practical ways to break logjams, have security actually enable business, and marries security architecture and business architecture. Why this book? It's written by a practitioner, and not just any practitioner, one of the leading minds in Security today.” John Stewart, Chief Security Officer, Cisco “This book is an invaluable guide to help security professionals address risk in new ways in this alarmingly fast changing environment. Packed with examples which makes it a pleasure to read, the book captures practical ways a forward thinking CISO can turn information security into a competitive advantage for their business. This book provides a new framework for managing risk in an entertaining and thought provoking way. This will change the way security professionals work with their business leaders, and help get products to market faster. The 6 irrefutable laws of information security should be on a stone plaque on the desk of every security professional.” Steven Proctor, VP, Audit & Risk Management, Flextronics

CISO COMPASS

CISO COMPASS
Author: Todd Fitzgerald
Publsiher: CRC Press
Total Pages: 526
Release: 2018-11-21
ISBN 10: 0429677847
ISBN 13: 9780429677847
Language: EN, FR, DE, ES & NL

CISO COMPASS Book Review:

Todd Fitzgerald, co-author of the ground-breaking (ISC)2 CISO Leadership: Essential Principles for Success, Information Security Governance Simplified: From the Boardroom to the Keyboard, co-author for the E-C Council CISO Body of Knowledge, and contributor to many others including Official (ISC)2 Guide to the CISSP CBK, COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamental Certification, is back with this new book incorporating practical experience in leading, building, and sustaining an information security/cybersecurity program. CISO COMPASS includes personal, pragmatic perspectives and lessons learned of over 75 award-winning CISOs, security leaders, professional association leaders, and cybersecurity standard setters who have fought the tough battle. Todd has also, for the first time, adapted the McKinsey 7S framework (strategy, structure, systems, shared values, staff, skills and style) for organizational effectiveness to the practice of leading cybersecurity to structure the content to ensure comprehensive coverage by the CISO and security leaders to key issues impacting the delivery of the cybersecurity strategy and demonstrate to the Board of Directors due diligence. The insights will assist the security leader to create programs appreciated and supported by the organization, capable of industry/ peer award-winning recognition, enhance cybersecurity maturity, gain confidence by senior management, and avoid pitfalls. The book is a comprehensive, soup-to-nuts book enabling security leaders to effectively protect information assets and build award-winning programs by covering topics such as developing cybersecurity strategy, emerging trends and technologies, cybersecurity organization structure and reporting models, leveraging current incidents, security control frameworks, risk management, laws and regulations, data protection and privacy, meaningful policies and procedures, multi-generational workforce team dynamics, soft skills, and communicating with the Board of Directors and executive management. The book is valuable to current and future security leaders as a valuable resource and an integral part of any college program for information/ cybersecurity.

Managing an Information Security and Privacy Awareness and Training Program

Managing an Information Security and Privacy Awareness and Training Program
Author: Rebecca Herold
Publsiher: CRC Press
Total Pages: 552
Release: 2005-04-26
ISBN 10: 1420031252
ISBN 13: 9781420031256
Language: EN, FR, DE, ES & NL

Managing an Information Security and Privacy Awareness and Training Program Book Review:

Managing an Information Security and Privacy Awareness and Training Program provides a starting point and an all-in-one resource for infosec and privacy education practitioners who are building programs for their organizations. The author applies knowledge obtained through her work in education, creating a comprehensive resource of nearly everything involved with managing an infosec and privacy training course. This book includes examples and tools from a wide range of businesses, enabling readers to select effective components that will be beneficial to their enterprises. The text progresses from the inception of an education program through development, implementation, delivery, and evaluation.

Managing Risk and Information Security

Managing Risk and Information Security
Author: Malcolm W. Harkins
Publsiher: Apress
Total Pages: 187
Release: 2016-08-11
ISBN 10: 1484214552
ISBN 13: 9781484214558
Language: EN, FR, DE, ES & NL

Managing Risk and Information Security Book Review:

Examine the evolving enterprise security landscape and discover how to manage and survive risk. While based primarily on the author’s experience and insights at major companies where he has served as CISO and CSPO, the book also includes many examples from other well-known companies and provides guidance for a management-level audience. Managing Risk and Information Security provides thought leadership in the increasingly important area of enterprise information risk and security. It describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology not only for internal operations but increasing as a part of product or service creation, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This edition discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities and offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. What You'll Learn Review how people perceive risk and the effects it has on information security See why different perceptions of risk within an organization matters Understand and reconcile these differing risk views Gain insights into how to safely enable the use of new technologies Who This Book Is For The primary audience is CIOs and other IT leaders, CISOs and other information security leaders, IT auditors, and other leaders of corporate governance and risk functions. The secondary audience is CEOs, board members, privacy professionals, and less senior-level information security and risk professionals. "Harkins’ logical, methodical approach as a CISO to solving the most complex cybersecurity problems is reflected in the lucid style of this book. His enlightened approach to intelligence-based security infrastructure and risk mitigation is our best path forward if we are ever to realize the vast potential of the innovative digital world we are creating while reducing the threats to manageable levels. The author shines a light on that path in a comprehensive yet very readable way." —Art Coviello, Former CEO and Executive Chairman, RSA

Fight Fire with Fire

Fight Fire with Fire
Author: Renee Tarun
Publsiher: John Wiley & Sons
Total Pages: 240
Release: 2021-09-14
ISBN 10: 111985427X
ISBN 13: 9781119854272
Language: EN, FR, DE, ES & NL

Fight Fire with Fire Book Review:

Organizations around the world are in a struggle for survival, racing to transform themselves in a herculean effort to adapt to the digital age, all while protecting themselves from headline-grabbing cybersecurity threats. As organizations succeed or fail, the centrality and importance of cybersecurity and the role of the CISO—Chief Information Security Officer—becomes ever more apparent. It’s becoming clear that the CISO, which began as a largely technical role, has become nuanced, strategic, and a cross-functional leadership position. Fight Fire with Fire: Proactive Cybersecurity Strategies for Today’s Leaders explores the evolution of the CISO’s responsibilities and delivers a blueprint to effectively improve cybersecurity across an organization. Fight Fire with Fire draws on the deep experience of its many all-star contributors. For example: Learn how to talk effectively with the Board from engineer-turned-executive Marianne Bailey, a top spokesperson well-known for global leadership in cyber Discover how to manage complex cyber supply chain risk with Terry Roberts, who addresses this complex area using cutting-edge technology and emerging standards Tame the exploding IoT threat landscape with Sonia Arista, a CISO with decades of experience across sectors, including healthcare where edge devices monitor vital signs and robots perform surgery These are just a few of the global trailblazers in cybersecurity who have banded together to equip today’s leaders to protect their enterprises and inspire tomorrow’s leaders to join them. With fires blazing on the horizon, there is no time for a seminar or boot camp. Cyber leaders need information at their fingertips. Readers will find insight on how to close the diversity and skills gap and become well-versed in modern cyber threats, including attacks coming from organized crime and nation-states. This book highlights a three-pronged approach that encompasses people, process, and technology to empower everyone to protect their organization. From effective risk management to supply chain security and communicating with the board, Fight Fire with Fire presents discussions from industry leaders that cover every critical competency in information security. Perfect for IT and information security professionals seeking perspectives and insights they can’t find in certification exams or standard textbooks, Fight Fire with Fire is an indispensable resource for everyone hoping to improve their understanding of the realities of modern cybersecurity through the eyes of today’s top security leaders.

Building a Comprehensive IT Security Program

Building a Comprehensive IT Security Program
Author: Jeremy Wittkop
Publsiher: Apress
Total Pages: 195
Release: 2016-07-28
ISBN 10: 9781484220528
ISBN 13: 1484220528
Language: EN, FR, DE, ES & NL

Building a Comprehensive IT Security Program Book Review:

This book explains the ongoing war between private business and cyber criminals, state-sponsored attackers, terrorists, and hacktivist groups. Further, it explores the risks posed by trusted employees that put critical information at risk through malice, negligence, or simply making a mistake. It clarifies the historical context of the current situation as it relates to cybersecurity, the challenges facing private business, and the fundamental changes organizations can make to better protect themselves. The problems we face are difficult, but they are not hopeless. Cybercrime continues to grow at an astounding rate. With constant coverage of cyber-attacks in the media, there is no shortage of awareness of increasing threats. Budgets have increased and executives are implementing stronger defenses. Nonetheless, breaches continue to increase in frequency and scope. Building a Comprehensive IT Security Program shares why organizations continue to fail to secure their critical information assets and explains the internal and external adversaries facing organizations today. This book supplies the necessary knowledge and skills to protect organizations better in the future by implementing a comprehensive approach to security. Jeremy Wittkop’s security expertise and critical experience provides insights into topics such as: Who is attempting to steal information and why? What are critical information assets? How are effective programs built? How is stolen information capitalized? How do we shift the paradigm to better protect our organizations? How we can make the cyber world safer for everyone to do business?

Managing Risk and Information Security

Managing Risk and Information Security
Author: Malcolm Harkins
Publsiher: Apress
Total Pages: 152
Release: 2013-03-21
ISBN 10: 143025114X
ISBN 13: 9781430251149
Language: EN, FR, DE, ES & NL

Managing Risk and Information Security Book Review:

Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think. Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods – from dealing with the misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession – and should be on the desk of every CISO in the world.” Dave Cullinane, CISSP CEO Security Starfish, LLC “In this overview, Malcolm Harkins delivers an insightful survey of the trends, threats, and tactics shaping information risk and security. From regulatory compliance to psychology to the changing threat context, this work provides a compelling introduction to an important topic and trains helpful attention on the effects of changing technology and management practices.” Dr. Mariano-Florentino Cuéllar Professor, Stanford Law School Co-Director, Stanford Center for International Security and Cooperation (CISAC), Stanford University “Malcolm Harkins gets it. In his new book Malcolm outlines the major forces changing the information security risk landscape from a big picture perspective, and then goes on to offer effective methods of managing that risk from a practitioner's viewpoint. The combination makes this book unique and a must read for anyone interested in IT risk." Dennis Devlin AVP, Information Security and Compliance, The George Washington University “Managing Risk and Information Security is the first-to-read, must-read book on information security for C-Suite executives. It is accessible, understandable and actionable. No sky-is-falling scare tactics, no techno-babble – just straight talk about a critically important subject. There is no better primer on the economics, ergonomics and psycho-behaviourals of security than this.” Thornton May, Futurist, Executive Director & Dean, IT Leadership Academy “Managing Risk and Information Security is a wake-up call for information security executives and a ray of light for business leaders. It equips organizations with the knowledge required to transform their security programs from a “culture of no” to one focused on agility, value and competitiveness. Unlike other publications, Malcolm provides clear and immediately applicable solutions to optimally balance the frequently opposing needs of risk reduction and business growth. This book should be required reading for anyone currently serving in, or seeking to achieve, the role of Chief Information Security Officer.” Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA “For too many years, business and security – either real or imagined – were at odds. In Managing Risk and Information Security: Protect to Enable, you get what you expect – real life practical ways to break logjams, have security actually enable business, and marries security architecture and business architecture. Why this book? It's written by a practitioner, and not just any practitioner, one of the leading minds in Security today.” John Stewart, Chief Security Officer, Cisco “This book is an invaluable guide to help security professionals address risk in new ways in this alarmingly fast changing environment. Packed with examples which makes it a pleasure to read, the book captures practical ways a forward thinking CISO can turn information security into a competitive advantage for their business. This book provides a new framework for managing risk in an entertaining and thought provoking way. This will change the way security professionals work with their business leaders, and help get products to market faster. The 6 irrefutable laws of information security should be on a stone plaque on the desk of every security professional.” Steven Proctor, VP, Audit & Risk Management, Flextronics

CISO Leadership

CISO Leadership
Author: Todd Fitzgerald,Micki Krause
Publsiher: CRC Press
Total Pages: 312
Release: 2007-12-22
ISBN 10: 9780849379444
ISBN 13: 084937944X
Language: EN, FR, DE, ES & NL

CISO Leadership Book Review:

Caught in the crosshairs of “Leadership” and “Information Technology”, Information Security professionals are increasingly tapped to operate as business executives. This often puts them on a career path they did not expect, in a field not yet clearly defined. IT training does not usually includemanagerial skills such as leadership, team-building, communication, risk assessment, and corporate business savvy, needed by CISOs. Yet a lack in any of these areas can short circuit a career in information security. CISO Leadership: Essential Principles for Success captures years of hard knocks, success stories, and yes, failures. This is not a how-to book or a collection of technical data. It does not cover products or technology or provide a recapitulation of the common body of knowledge. The book delineates information needed by security leaders and includes from-the-trenches advice on how to have a successful career in the field. With a stellar panel of contributors including William H. Murray, Harry Demaio, James Christiansen, Randy Sanovic, Mike Corby, Howard Schmidt, and other thought leaders, the book brings together the collective experience of trail blazers. The authors have learned through experience—been there, done that, have the t-shirt—and yes, the scars. A glance through the contents demonstrates the breadth and depth of coverage, not only in topics included but also in expertise provided by the chapter authors. They are the pioneers, who, while initially making it up as they went along, now provide the next generation of information security professionals with a guide to success.