Details
Rational Cybersecurity for Business
The Security Leaders' Guide to Business Alignment|
39,99 € |
|
| Verlag: | Apress |
| Format: | |
| Veröffentl.: | 12.08.2020 |
| ISBN/EAN: | 9781484259528 |
| Sprache: | englisch |
Dieses eBook enthält ein Wasserzeichen.
Beschreibungen
<p>Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team.<br></p><p>Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. </p><p>Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges.<br></p><div>This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included.<br></div><div><br></div><div><div><p><b>What You Will Learn</b></p><p></p><ul><li>Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy<br></li> <li>Develop a consistent accountability model, information risk taxonomy, and risk management framework</li> <li>Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend</li> <li>Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets</li> <li>Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more</li><li>Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities<br></li><li>Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger</li> <li>Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan</li> </ul><div> <p><br></p></div><p><b>Who This Book Is For</b></p><p> </p><p>Chief Information Security Officers (CISOs) and other heads of security, security directors and managers, security architects and project leads, and other team members providing security leadership to your business</p></div></div>
<p><b>Introduction</b> </p>
<p>Explain the book’s focus, audience, organization, and contents.</p>
<p><b>Chapter 1: Rationalize Cybersecurity for your Business Landscape</b></p>
<p>Describes the six cybersecurity priority focus areas.</p>
<p><b>Chapter 2: Identify and Empower Security-Related Roles</b></p>
<p>Explains how the people in the business each contribute to the secure operation of the business and its digital systems.</p>
<p><b>Chapter 3: Establish a Control Baseline</b></p>
Combs through control frameworks such as ISO 27001 and the NIST Cybersecurity Framework to select controls providing a minimum viable program (MVP) for many businesses. It also details how to align people, process, and technology for these controls; how to scale the implementation for different types of businesses; and how to sure share responsibility for delivering the controls with third parties.<p></p>
<p><b>Chapter 4: Simplify and Rationalize IT and Security</b></p>
<p>Argues that security leaders have a stake in developing an effective IT strategy, what that strategy might look like, and how security leaders – who don’t own IT - can still engage IT functions to help develop and deliver on the strategy. </p>
<p><b>Chapter 5: Manage Risk in the Language of Business</b></p>
Clarifies why risk management literally must be the brains of the security program. It must analyze, monitor, and communicate what potential losses or circumstances constitute the business’s top risk scenarios. An effective tiered risk analysis process can efficiently address the myriad secondary risk issues that arise through processes and prioritize controls or other risk treatments.<p></p>
<p><b>Chapter 6: Create a Strong Security Culture</b></p>
<p>Brings the cultural subtext that can make or break a cybersecurity environment into the foreground. It analyzes the components of security culture and provides guidance on how to devise a security culture improvement process and measure its effectiveness. User awareness, training, and appropriate day to day engagement with the business can all play a part in forging a constructive security culture. </p>
<p><b>Chapter 7: Put the Right Governance Model in Place</b></p>
Contrasts basic security governance structures that businesses can use, and provides guidance on how to select one and make it work. It describes core elements of the security program such as steering committees and security policy life cycle management. It also offers guidance on where the CISO should report in an organization. <p></p>
<p><b>Chapter 8: Control Access with Minimal Drag on the Business</b></p>
<p>Explains why access is the critical balance beam for the business, compliance mandates, and the security program. It addresses the need for information classification, data protection, and identity and access management (IAM) controls to implement access restrictions as required to reduce risk or attain regulatory compliance but do so in a way that enables appropriate digital relationships and data sharing with internal and external users.</p>
<p><b>Chapter 9: Institute Resilience, Detection, and Response</b></p>
<p>Guides readers on how to formulate contingency plans and strategies for detection, response, and recovery which together comprise cyber-resilience. </p>
<p><b>Chapter 10: Putting the Pieces Together</b></p>
<p>Summarizes guidance given throughout the book in the “keys” for aligning with the business. It reiterates guidance on how to scale security programs and the way they align to the business based on business size, complexity, and other factors.</p>
<p>Explain the book’s focus, audience, organization, and contents.</p>
<p><b>Chapter 1: Rationalize Cybersecurity for your Business Landscape</b></p>
<p>Describes the six cybersecurity priority focus areas.</p>
<p><b>Chapter 2: Identify and Empower Security-Related Roles</b></p>
<p>Explains how the people in the business each contribute to the secure operation of the business and its digital systems.</p>
<p><b>Chapter 3: Establish a Control Baseline</b></p>
Combs through control frameworks such as ISO 27001 and the NIST Cybersecurity Framework to select controls providing a minimum viable program (MVP) for many businesses. It also details how to align people, process, and technology for these controls; how to scale the implementation for different types of businesses; and how to sure share responsibility for delivering the controls with third parties.<p></p>
<p><b>Chapter 4: Simplify and Rationalize IT and Security</b></p>
<p>Argues that security leaders have a stake in developing an effective IT strategy, what that strategy might look like, and how security leaders – who don’t own IT - can still engage IT functions to help develop and deliver on the strategy. </p>
<p><b>Chapter 5: Manage Risk in the Language of Business</b></p>
Clarifies why risk management literally must be the brains of the security program. It must analyze, monitor, and communicate what potential losses or circumstances constitute the business’s top risk scenarios. An effective tiered risk analysis process can efficiently address the myriad secondary risk issues that arise through processes and prioritize controls or other risk treatments.<p></p>
<p><b>Chapter 6: Create a Strong Security Culture</b></p>
<p>Brings the cultural subtext that can make or break a cybersecurity environment into the foreground. It analyzes the components of security culture and provides guidance on how to devise a security culture improvement process and measure its effectiveness. User awareness, training, and appropriate day to day engagement with the business can all play a part in forging a constructive security culture. </p>
<p><b>Chapter 7: Put the Right Governance Model in Place</b></p>
Contrasts basic security governance structures that businesses can use, and provides guidance on how to select one and make it work. It describes core elements of the security program such as steering committees and security policy life cycle management. It also offers guidance on where the CISO should report in an organization. <p></p>
<p><b>Chapter 8: Control Access with Minimal Drag on the Business</b></p>
<p>Explains why access is the critical balance beam for the business, compliance mandates, and the security program. It addresses the need for information classification, data protection, and identity and access management (IAM) controls to implement access restrictions as required to reduce risk or attain regulatory compliance but do so in a way that enables appropriate digital relationships and data sharing with internal and external users.</p>
<p><b>Chapter 9: Institute Resilience, Detection, and Response</b></p>
<p>Guides readers on how to formulate contingency plans and strategies for detection, response, and recovery which together comprise cyber-resilience. </p>
<p><b>Chapter 10: Putting the Pieces Together</b></p>
<p>Summarizes guidance given throughout the book in the “keys” for aligning with the business. It reiterates guidance on how to scale security programs and the way they align to the business based on business size, complexity, and other factors.</p>
<p></p><p></p><div><p><i>Dan Blum is an internationally recognized cybersecurity and risk management strategist. He is a former Golden Quill Award-winning VP, Distinguished Analyst at Gartner, Inc., and has served as the de facto head of security for startups and consulting companies. He's advised hundreds of corporations, universities, and government organizations, and currently partners with top media, analyst firms, and clients to produce cybersecurity thought leadership research and to deliver cybersecurity workshops and coaching for security leaders.</i> </p><br></div>
<p>Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team.<br></p><p>Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. </p><p>Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges.<br></p><div>This open access book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included.<br></div><div><br></div><div>You will:</div><div><ul><li>Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy<br></li><li>Develop a consistent accountability model, information risk taxonomy, and risk management framework</li><li>Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend</li><li>Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets</li><li>Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more</li><li>Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities<br></li><li>Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger</li><li>Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan</li></ul><div><p><br></p></div></div>
<p>The first comprehensive field guide to cybersecurity-business alignment</p><p>Focuses on six areas to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience</p><p>Includes more than 50 keys to alignment and advice on how to scale them for businesses of different types and sizes</p>
Diese Produkte könnten Sie auch interessieren:
