Overview
Protecting information systems to reduce the risk of security incidents is critical for organizations today. This writing provides instruction for security leaders on the processes and techniques for managing a security program. It contains practical information on the breadth of information security topics, referring to many other writings that provide details on technical security topics. This provides foundation for a security program responsive to technology developments and an evolving threat environment. The security leader may be engaged by an organization that is in crisis, where the priority action is to recover from a serious incident. This work offers foundation knowledge for the security leader to immediately apply to the organization's security program while improving it to the next level, organized by development stage: - Reactive--focused on incident detection and response - Planned--control requirements, compliance and reporting - Managed--integrated security business processes The security leader must also communicate with the organization executive, whose focus is on results such as increasing revenues or reducing costs. The security leader may initially be welcomed as the wizard who applies mysterious skills to resolve an embarrassing incident. But the organization executive will lose patience with a perpetual crisis and demand concrete results. This writing explains how to communicate in terms executives understand.
Full Product Details
Author: Christopher T Carlson
Publisher: Universal Publishers
Imprint: Universal Publishers
Dimensions:
Width: 15.60cm
, Height: 1.70cm
, Length: 23.40cm
Weight: 0.435kg
ISBN: 9781627342766
ISBN 10: 1627342761
Pages: 308
Publication Date: 15 November 2019
Audience:
General/trade
,
General
Format: Paperback
Publisher's Status: Active
Availability: Available To Order
We have confirmation that this item is in stock with the supplier. It will be ordered in for you and dispatched immediately.
Reviews
Chris has a depth of knowledge and understanding with a rational approach to information security born from a career as a practitioner and leader. I really like his practical methodology to solving what appears to be a complex issue, simplifying the approach to identifying the challenges and presenting solutions. He outlines the necessity to fully understand the lifecycle of cyber security; identifying the issues, cataloguing your assets, defining responsibilities so that you can hold people to account, mapping your control frameworks, identifying your dependencies including your people and your third parties, exercising your crisis plans, then to reporting on the status. 'Plan--Do--Check--Act!' Kevin Williams, Head of the International Information Integrity Institute Chris offers practical instructions and real-world examples of how to approach, describe, and action the mystical world of cyber security. Leveraging his 35+ years of experience he shows cyber professional how to dissect problems into logical, achievable results for both technical staff and senior management. His conversational writing style, meaningful examples, and sequencing of actions allows the reader to define a roadmap that is tailored to their organizational maturity and structure. New cyber security professionals will welcome this how-to guide, while seasoned professionals will recognize the many deliverables they have left undone. Yet, the greatest gift for the reader is new insight on how good cyber practices allow you to quantify risk. Chris' introduction to the FAIR methodology de-mystifies the quantification of risk, empowers senior managers to make more informed decisions and defines critical priorities for the cyber teams. Keith H. Herndon, VP of Cyber Security and Chief Information Security Officer, Baker Hughes One of the hardest decisions a chief information security officer faces is defining the right problem solve. In this book, Chris describes the approach to solve the right problem, that of how to effectively manage the risk of information technology. He presents a refreshingly pragmatic approach ranging from immediate crisis management through cost benefit analysis of an information security strategy. In this way, he takes the CISO on a path of maturity from a novice incident fire fighter to a mature, strategic organizational leader. By reading and applying this book, information security professionals everywhere will learn tactical and strategic action they can take now to build more effective security organizations. Mike Jerbic, Chair, The Open Group Security Forum How to Manage Cybersecurity Risk is a phenomenal resource for those people who want to do risk management right. It is a wealth of experience from a passionate, seasoned professional who has tackled some of the industry's biggest risk scenarios and problems. It is a must have for both experienced GRC professionals as well as those new to this growing industry. Alex Hutton, Security Executive
Author Information
Christopher T. Carlson is a pioneer, having arrived in his first computing security assignment at the dawn of the field in 1982. He created or substantially evolved practices in his security assignments including classified computing security, computing security policy and controls, security awareness, business unit security support, security assessments, access administration including role-based access, risk analysis and management, application security development life cycle, and international security. The goal of this writing is to provide lessons from the field so that those who follow need not start from scratch.
