The CISO Handbook: A Practical Guide to Securing Your Company

Michael Gentile, Ron Collette, Thomas D. August

August 24, 2005 by Auerbach Publications
Reference - 348 Pages - 49 B/W Illustrations
ISBN 9780849319525 - CAT# AU1952

was $89.95

USD$71.96

SAVE ~$17.99

Add to Wish List
FREE Standard Shipping!

Features

  • Offers a comprehensive roadmap for designing and implementing an effective infosec program based on real world scenarios
  • Builds a bridge between high-level theory and practical execution
  • Provides a set of practices that security professionals can use every day
  • Illustrates practical issues often overlooked by theoretical texts
  • Outlines a framework that can be expanded or contracted to meet your company’s needs
  • Serves as an integrated and modular resource in which chapters can be read in any order as needed
  • Summary

    The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company’s environment.

    The book is presented in chapters that follow a consistent methodology – Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures to meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end-state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common  business constraints. Report focuses on communicating back to the external and internal stakeholders with information that fits the various audiences.

    Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.