If you're a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security. InfoSec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. This essential manager's guide offers a new approach to building and maintaining an information security program that's both effective and easy to follow.
Author and longtime chief information security officer (CISO) Todd Barnum upends the assumptions security professionals take for granted. CISOs, chief security officers, chief information officers, and IT security professionals will learn a simple seven-step process for building a new program or improving a current one.
Chapter 1. The Odds Are Against You
Chapter 2. The Science of Our Business: The Eight Domains
Chapter 3. The Art of Our Business: The Seven Steps
Chapter 4. Step 1: Cultivate Relationships
Chapter 5. Step 2: Ensure Alignment
Chapter 6. Step 3: Use the Four Cornerstones to Lay the Foundation of Your Program
Chapter 7. Step 4: Use Communications to Get the Message Out
Chapter 8. Step 5: Give Your Job Away... It’s Your Only Hope
Chapter 9. Step 6: Organize Your InfoSec Team
Chapter 10. Step 7: Measure What Matters
Chapter 11. Working with the Audit Team