
CISO Handbook A Practical Guide to Securing Your Company


ISBN-10: 0849319528

ISBN-13: 9780849319525

Edition: 2005

Authors: Michael Gentile, Ronald D. Collette, Thomas D. August

List price: $87.95

Description:

This handbook provides practical guidance on designing and implementing an information security program that delivers true value to the stakeholders of a company. The authors present essential high-level concepts before building a robust framework that you can use to map those concepts to your company's environment. The book presents its chapters in a consistent methodology: Assess, Plan, Design, Execute, and Report. Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors for understanding the material presented. Each chapter also contains a Methodology section that explains the steps necessary to achieve the goals of the chapter.

Book details

Copyright year: 2005
Publisher: Auerbach Publishers, Incorporated
Publication date: 8/24/2005
Binding: Hardcover
Pages: 352
Size: 6.50" wide x 9.50" long x 1.00" tall
Weight: 1.386
Language: English

Foreword
Acknowledgments
Team Acknowledgment
Organizations We Would Like to Thank
Introduction
Overview
Assess
Overview
Foundation Concepts
Critical Skills
Consultative Sales Skills
Enabling New Business Opportunities
Reducing Business Risk
Critical Knowledge
Understanding Your Business
Understanding Risk
Understanding Your Enterprise Differentiators
Understanding Your Legal and Regulatory Environment
Understanding Your Organizational Structure
Understanding Your Organizational Dynamics
Enterprise Culture
Understanding Your Enterprise's View of Technology
Assessment Methodology
Identifying Your Program's Primary Driver
Why Are You Here?
Stakeholders
Types of Stakeholders
Identifying Your External Drivers
Regulatory/Audit Environment
Other External Drivers
Identifying Your Internal Drivers
Political Climate
Who Is on Your Team?
The Enterprise's Business
Financial Environment
Technical Environment
Industry
Assessment Checklist
Plan
Overview
Foundation Concepts
Critical Skills
Visioning
Strategic Planning
Negotiating
Marketing
Talent Assessment
Critical Skills Summary
Critical Knowledge
(ISC)² Common Body of Knowledge (CBK)
Other Security Industry Resources
Planning Methodology
Understanding Your Program's Mandate
Determining Your Program Mission
Mission Statements
Building Your Mission Statement
Determining Your Program's Structure
Operational Versus Non-Operational
Size of Your Enterprise
Political Climate
Centralized Versus Decentralized
Common Reasons for Choosing a Centralized Model
Common Reasons for Choosing a Decentralized Model
Security Pipeline
Architecture
Maintenance
Inspection
Size of Your Program
Large Program Considerations
Small Program Considerations
Conclusion
Common Security Responsibilities
Information Security Program Structure Summary
Determining Your Program's Staffing
Define the Roles and Responsibilities of Your Team Members
Critical Attributes
Security Roles and Responsibilities
Influence on Staffing by the Information Security Program Structure
Perform a Gap Analysis
Evaluate Talent
Planning Summary
Planning Checklist
Design
Overview
Foundation Concepts
Critical Skills
Analytical Skills
Discovery
Evaluation
Strategy
Formulation
Organizational Skills
Sales
Financial Planning and Budgeting
Critical Skills Summary
Critical Knowledge
Opportunity Cost
Security Documents
Policies
Standards
Procedures
Guidelines
Example
Risks, Threats, and Vulnerabilities ... Oh My!
Example
Types of Security Controls
Preventive Controls
Detective Controls
Gap Analysis
SMART Statements
Types of Projects
People Projects
Process Projects
Technology Projects
Methodology
Preview
Security Document Development
Project Portfolio Development
Communication Plan Development
Incorporating Your Enterprise Drivers
Constraints
Laws and Regulations
Corporate Responsibility/Code of Conduct
Enablers
Requirements
Business Requirements
Example
Example
Functional Requirement
Example
Business Requirements of PCSC
Functional Requirement
Analysis
Methods for Creating Functional Requirements
Requirements Summary
Gap Analysis
Building Security Policies, Standards, Procedures, and Guidelines
The Theory of Security Policies
Drafting Your Information Security Policies
Ratifying the Security Policies
Standards, Procedures, and Guidelines
Build Security Documents Summary
Building the Security Project Portfolio
Performing the Policy Gap Analysis
Example
Analysis
Defining Ambiguities
Evaluating Controls (Gap Analysis)
Risk and Exposure Statements
Risk Rating
Risk Rating - High
Deriving the Security Projects
Quantitative Evaluation
Qualitative Evaluation
Cursory Project Scoping
Projects Versus Core
Scheduling (First Three Years)
Capital Budgeting
Approval of the Security Project Portfolio
Believe in Your Product
Ensure That Your Logic for Prioritization Is Understood
Know Your Product
Know What Others Are Buying
Identify the Buyers and the Roadblocks
Those Who Will Buy Your Offerings
Those Who Will Not Buy Any of Your Offerings
Those Who Can Apply Pressure to Individuals Who Won't Buy Your Offerings
Sell through Momentum
Sell through Others
Ensure That It's Sold before You Attempt to Sell It
Always Present in Person
Summary
Annual Portfolio Review
Build the Communication Plan
Potential Channels for the Communication Plan
Chapter Summary
Design Checklist
Execute
Overview
Foundation Concepts
Preview
Critical Skills
Executor
Commander
Communication
Tactician
Research
Analysis
Critical Skills Summary
Critical Knowledge
Overview of Project Management Methodologies
Benefits of a Project Mentality for Your Information Security Program
The Project Management Triangle
Technical Control Layers
Summary
Methodology
Preview
Project Execution
Development Methodology Structure
Critical Success Factors for a Project
Business, Functional, and Technical Requirements
Marketing Metrics
Project Governance Model
Management Support - Sponsorship
Establish a Team
Shared Vision
Formalized Project Plan (Gantt Chart)
Identifying and Working through the Lull of Doom
Critical Success Factors Summary
Warning Signs for Projects
Train Wrecks
Project Types and Their Intricacies
Common Guidelines for All Projects
Common Guidelines for People Projects
Common Guidelines for Process Projects
Common Guidelines for Technology Projects
Project Type Summary
Incorporating Security into Projects
Tools for Adding Security into a Properly Structured Project
Deploy
Tools for Adding Security into a Project with Missing Components
Vendor Evaluation/Selection
Preparing the Marketing Material
Chapter Summary
Report
Overview
Foundation Concepts
Critical Skills
Writer
Presenter
Critical Knowledge
Primary Principle of Reporting
Basic Reporting Components
Delivery Mechanisms
Marketing
Branding
Metrics
Damage Control
Summary
Methodology
Report Construction Process
Identifying the Need
Determine Intent
Desired Reaction
Determine Target Audience
Internal Audiences
Executive Management/Board of Directors
Technical Engineering Staff
Employees
Internal Audit/Regulatory Compliance Office
External Audiences
Government Agencies/Independent Auditors/Regulators
Stockholders and Owners
Customers and Clients
Target Audience Summary
Delivery Mechanisms
Administrative Reporting
Operational Reporting
Types of Delivery
Follow up on the Message
Close the Deal
Chapter Summary
The Final Phase
Overview
Back to the Beginning
Parting Thoughts
Appendices
Design Chapter Worksheets
Report Creation Process Worksheet
Requirements Sample
SDLC Checklist
Recommended Reading
Index