Eugene M Fredriksen
March 13, 2017
by Auerbach Publications
Reference - 296 Pages - 10 B/W Illustrations
ISBN 9781138197398 - CAT# K31269
Series: Internal Audit and IT Audit
The book takes readers though a series of security and risk discussions based on real-life experiences. While the experience story may not be technical, it will relate specifically to a value or skill critical to being a successful CISO. The core content is organized into ten major chapters, each relating to a "Rule of Information Security" developed through a career of real life experiences. The elements are selected to accelerate the development of CISO skills critical to success. Each segments clearly calls out lessons learned and skills to be developed. The last segment of the book addresses presenting security to senior execs and board members, and provides sample content and materials.
The CISO as a Business Partner: Balancing Business Need with Security Need. Serving Executive Management and the Board. Gaining a Seat at the Table. Adding Value While Meeting Security and Regulatory Needs and Mandates. Addressing Issues When Management Objects. Can Your CISO Role Be Viewed as Strategic Value Add. The Ten Rules and How They Impact the Business and Your Career Path: Explaining Security and Risk Issues Clearly and Succinctly. Methods for Implementing Cultural Change to Build Security. Management Expectations vs. Security Policy and How to Resolve Conflicts. Clear, Simple Examples of Implementing Basic Risk Analysis Processes. Developing Clear Key Risk Indicators and Metrics that Yield Business Value. Methods to Build a Clear, Concise Information Security Strategic Plan. Developing the Written Informaiton Security Plan. Talking to Executive Management and the Board and Career Development: Emerging SEC Regulations Require CISO to Brief Board and Provide Education. Dealing with "Shadow IT". Building an Experiential Portfolio to be an Effective CISO. Building Trust with Executive Management. Outsourcing, Co-sourcing, and In-sourcing Keys and Challenges. Maintaining Appropriate Skill Sets and Knowledge within Information Security