The CISO Handbook: A Practical Guide to Securing Your Company

Purchasing Options

Hardback
$79.95
ISBN 9780849319525
Cat# AU1952

Features

  • Offers a comprehensive roadmap for designing and implementing an effective infosec program based on real world scenarios
  • Builds a bridge between high-level theory and practical execution
  • Provides a set of practices that security professionals can use every day
  • Illustrates practical issues often overlooked by theoretical texts
  • Outlines a framework that can be expanded or contracted to meet your company’s needs
  • Serves as an integrated and modular resource in which chapters can be read in any order as needed
Summary

The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company’s environment.

The book is presented in chapters that follow a consistent methodology – Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures to meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end-state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common business constraints. Report focuses on communicating back to the external and internal stakeholders with information that fits the various audiences.

Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.

Table of Contents

Assess
  Overview
  Foundation Concepts
  Critical Skills
  Consultative Sales Skills
  Critical Knowledge
  Understanding Your Business
  Understanding Risk
  Understanding Your Enterprise Differentiators
  Understanding Your Legal and Regulatory Environment
  Understanding Your Organizational Structure
  Understanding Your Organizational Dynamics
  Enterprise Culture
  Understanding Your Enterprise’s View of Technology
  Assessment Methodology
  Identifying Your Program’s Primary Driver
  Why Are You Here?
  Stakeholders
  Identifying Your External Drivers
  Other External Drivers
  Identifying Your Internal Drivers
  Assessment Checklist

Plan
  Overview
  Foundation Concepts
  Critical Skills
  Visioning
  Strategic Planning
  Negotiating
  Marketing
  Talent Assessment
  Critical Skills Summary
  Critical Knowledge
  ISC2 Common Body of Knowledge [CBK]
  Other Security Industry Resources
  Planning Methodology
  Understanding Your Program’s Mandate
  Determining Your Program’s Structure
  Centralized vs. Decentralized
  Security Pipeline
  Size of Your Program
  Security Program Structure Summary
  Determining Your Program’s Staffing
  Planning Summary
  Planning Checklist

Design
  Overview
  Foundation Concepts
  Critical Skills
  Critical Knowledge
  Methodology
  Preview
  Security Document Development
  Project Portfolio Development
  Communication Plan Development
  Incorporating Your Enterprise Drivers
  Requirements
  Gap Analysis
  Building Security Policies, Standards, Procedures, and Guidelines
  Build Security Documents Summary
  Building the Security Project Portfolio
  Annual Portfolio Review
  Build the Communication Plan
  Chapter Summary
  Design Checklist

Execute
  Overview
  Foundation Concepts
  Preview
  Critical Skills
  Critical Knowledge
  Methodology
  Project Execution
  Administrative Cleanup
  Chapter Summary

Report
  Overview
  Foundation Concepts
  Critical Skills
  Critical Knowledge
  Marketing
  Methodology
  Report Construction Process
  Determine Target Audience
  Delivery Mechanisms
  Chapter Summary

The Final Phase
  Overview
  Back to the Beginning
  Parting Thoughts

Appendix A: Design Chapter Worksheets
Appendix B: Report Creation Process Worksheet
Appendix C: Requirements Sample
Appendix D: SDLC Checklist
Appendix E: Recommended Reading