CISO Handbook: A Practical Guide to Securing Your Company

ISBN-10: 0849319528

ISBN-13: 9780849319525

Edition: 2005


Description:

This handbook provides practical guidance on designing and implementing an information security program that delivers real value to a company's stakeholders. The authors present the essential high-level concepts first, then build a framework you can use to map those concepts onto your own company's environment. The chapters follow a consistent methodology: Assess, Plan, Design, Execute, and Report. Each chapter begins with an Overview, followed by Foundation Concepts (the critical success factors for understanding the material), and then a Methodology section that lays out the steps needed to achieve the chapter's goals.
Book details

List price: $87.95
Copyright year: 2005
Publisher: Auerbach Publishers, Incorporated
Publication date: 8/24/2005
Binding: Hardcover
Pages: 352
Size: 6.50" wide x 9.50" long x 1.00" tall
Weight: 1.584 lb
Language: English

Foreword
Acknowledgments
Team Acknowledgment
Organizations We Would Like to Thank
Introduction
Overview
Assess
Overview
Foundation Concepts
Critical Skills
Consultative Sales Skills
Enabling New Business Opportunities
Reducing Business Risk
Critical Knowledge
Understanding Your Business
Understanding Risk
Understanding Your Enterprise Differentiators
Understanding Your Legal and Regulatory Environment
Understanding Your Organizational Structure
Understanding Your Organizational Dynamics
Enterprise Culture
Understanding Your Enterprise's View of Technology
Assessment Methodology
Identifying Your Program's Primary Driver
Why Are You Here?
Stakeholders
Types of Stakeholders
Identifying Your External Drivers
Regulatory/Audit Environment
Other External Drivers
Identifying Your Internal Drivers
Political Climate
Who Is on Your Team?
The Enterprise's Business
Financial Environment
Technical Environment
Industry
Assessment Checklist
Plan
Overview
Foundation Concepts
Critical Skills
Visioning
Strategic Planning
Negotiating
Marketing
Talent Assessment
Critical Skills Summary
Critical Knowledge
(ISC)² Common Body of Knowledge (CBK)
Other Security Industry Resources
Planning Methodology
Understanding Your Program's Mandate
Determining Your Program Mission
Mission Statements
Building Your Mission Statement
Determining Your Program's Structure
Operational Versus Non-Operational
Size of Your Enterprise
Political Climate
Centralized Versus Decentralized
Common Reasons for Choosing a Centralized Model
Common Reasons for Choosing a Decentralized Model
Security Pipeline
Architecture
Maintenance
Inspection
Size of Your Program
Large Program Considerations
Small Program Considerations
Conclusion
Common Security Responsibilities
Information Security Program Structure Summary
Determining Your Program's Staffing
Define the Roles and Responsibilities of Your Team Members
Critical Attributes
Security Roles and Responsibilities
Influence on Staffing by the Information Security Program Structure
Perform a Gap Analysis
Evaluate Talent
Planning Summary
Planning Checklist
Design
Overview
Foundation Concepts
Critical Skills
Analytical Skills
Discovery
Evaluation
Strategy
Formulation
Organizational Skills
Sales
Financial Planning and Budgeting
Critical Skills Summary
Critical Knowledge
Opportunity Cost
Security Documents
Policies
Standards
Procedures
Guidelines
Example
Risks, Threats, and Vulnerabilities ... Oh My!
Example
Types of Security Controls
Preventive Controls
Detective Controls
Gap Analysis
SMART Statements
Types of Projects
People Projects
Process Projects
Technology Projects
Methodology
Preview
Security Document Development
Project Portfolio Development
Communication Plan Development
Incorporating Your Enterprise Drivers
Constraints
Laws and Regulations
Corporate Responsibility/Code of Conduct
Enablers
Requirements
Business Requirements
Example
Example
Functional Requirement
Example
Business Requirements of PCSC
Functional Requirement
Analysis
Methods for Creating Functional Requirements
Requirements Summary
Gap Analysis
Building Security Policies, Standards, Procedures, and Guidelines
The Theory of Security Policies
Drafting Your Information Security Policies
Ratifying the Security Policies
Standards, Procedures, and Guidelines
Build Security Documents Summary
Building the Security Project Portfolio
Performing the Policy Gap Analysis
Example
Analysis
Defining Ambiguities
Evaluating Controls (Gap Analysis)
Risk and Exposure Statements
Risk Rating
Risk Rating - High
Deriving the Security Projects
Quantitative Evaluation
Qualitative Evaluation
Cursory Project Scoping
Projects Versus Core
Scheduling (First Three Years)
Capital Budgeting
Approval of the Security Project Portfolio
Believe in Your Product
Ensure That Your Logic for Prioritization Is Understood
Know Your Product
Know What Others Are Buying
Identify the Buyers and the Roadblocks
Those Who Will Buy Your Offerings
Those Who Will Not Buy Any of Your Offerings
Those Who Can Apply Pressure to Individuals Who Won't Buy Your Offerings
Sell through Momentum
Sell through Others
Ensure That It's Sold before You Attempt to Sell It
Always Present in Person
Summary
Annual Portfolio Review
Build the Communication Plan
Potential Channels for the Communication Plan
Chapter Summary
Design Checklist
Execute
Overview
Foundation Concepts
Preview
Critical Skills
Executor
Commander
Communication
Tactician
Research
Analysis
Critical Skills Summary
Critical Knowledge
Overview of Project Management Methodologies
Benefits of a Project Mentality for Your Information Security Program
The Project Management Triangle
Technical Control Layers
Summary
Methodology
Preview
Project Execution
Development Methodology Structure
Critical Success Factors for a Project
Business, Functional, and Technical Requirements
Marketing Metrics
Project Governance Model
Management Support - Sponsorship
Establish a Team
Shared Vision
Formalized Project Plan (Gantt Chart)
Identifying and Working through the Lull of Doom
Critical Success Factors Summary
Warning Signs for Projects
Train Wrecks
Project Types and Their Intricacies
Common Guidelines for All Projects
Common Guidelines for People Projects
Common Guidelines for Process Projects
Common Guidelines for Technology Projects
Project Type Summary
Incorporating Security into Projects
Tools for Adding Security into a Properly Structured Project
Deploy
Tools for Adding Security into a Project with Missing Components
Vendor Evaluation/Selection
Preparing the Marketing Material
Chapter Summary
Report
Overview
Foundation Concepts
Critical Skills
Writer
Presenter
Critical Knowledge
Primary Principle of Reporting
Basic Reporting Components
Delivery Mechanisms
Marketing
Branding
Metrics
Damage Control
Summary
Methodology
Report Construction Process
Identifying the Need
Determine Intent
Desired Reaction
Determine Target Audience
Internal Audiences
Executive Management/Board of Directors
Technical Engineering Staff
Employees
Internal Audit/Regulatory Compliance Office
External Audiences
Government Agencies/Independent Auditors/Regulators
Stockholders and Owners
Customers and Clients
Target Audience Summary
Delivery Mechanisms
Administrative Reporting
Operational Reporting
Types of Delivery
Follow up on the Message
Close the Deal
Chapter Summary
The Final Phase
Overview
Back to the Beginning
Parting Thoughts
Appendices
Design Chapter Worksheets
Report Creation Process Worksheet
Requirements Sample
SDLC Checklist
Recommended Reading
Index