The Chief Security Officer: A Guide to Protecting People, Facilities, and Information / Edition 1

by Michael Gentile, Thomas D. August, Ron Collette

Overview

The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company’s environment.

The book is presented in chapters that follow a consistent methodology – Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures to meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end-state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common business constraints. Report focuses on communicating back to the external and internal stakeholders with information that fits the various audiences.

Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.

Product Details

ISBN-13: 9780849319525
Publisher: Taylor & Francis
Publication date: 08/19/2005
Edition description: New Edition
Pages: 348
Product dimensions: 6.30(w) x 9.10(h) x 1.00(d)

Table of Contents

Assess
Overview
Foundation Concepts
Critical Skills
Consultative Sales Skills
Critical Knowledge
Understanding Your Business
Understanding Risk
Understanding Your Enterprise Differentiators
Understanding Your Legal and Regulatory Environment
Understanding Your Organizational Structure
Understanding Your Organizational Dynamics
Enterprise Culture
Understanding your Enterprise’s View of Technology
Assessment Methodology
Identifying your Program’s Primary Driver
Why Are You Here?
Stakeholders
Identifying your External Drivers
Other External Drivers
Identifying your Internal Drivers
Assessment Checklist
Plan
Overview
Foundation Concepts
Critical Skills
Visioning
Strategic Planning
Negotiating
Marketing
Talent Assessment
Critical Skills Summary
Critical Knowledge
ISC2 Common Body of Knowledge [CBK]
Other Security Industry Resources
Planning Methodology
Understanding your Program’s Mandate
Determining Your Program’s Structure
Centralized vs. Decentralized
Security Pipeline
Size of Your Program
Security Program Structure Summary
Determining Your Program’s Staffing
Planning Summary
Planning Checklist

Design
Overview
Foundation Concepts
Critical Skills
Critical Knowledge
Methodology
Preview
Security Document Development
Project Portfolio Development
Communication Plan Development
Incorporating your Enterprise Drivers
Requirements
Gap Analysis
Building Security Policies, Standards, Procedures, And Guidelines
Build Security Documents Summary
Building the Security Project Portfolio
Annual Portfolio Review
Build the Communication Plan
Chapter Summary
Design Checklist
Execute
Overview
Foundation Concepts
Preview
Critical Skills
Critical Knowledge
Methodology
Project Execution
Administrative Cleanup
Chapter Summary
Report
Overview
Foundation Concepts
Critical Skills
Critical Knowledge
Marketing
Methodology
Report Construction Process
Determine Target Audience
Delivery Mechanisms
Chapter Summary

The Final Phase
Overview
Back To the Beginning
Parting Thoughts

Appendix A Design Chapter Worksheets
Appendix B Report Creation Process Worksheet
Appendix C Requirements Sample
Appendix D SDLC Checklist
Appendix E Recommended Reading
