CISO Handbook: A Practical Guide to Securing Your Company, The
The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company's environment.
Main authors: Gentile, Michael; Collette, Ronald; August, Thomas
Format: Book
Language: English
Published: CRC Press, 2009
Online access: http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1447
Holding library: Thư viện Trường Đại học Đà Lạt (Da Lat University Library)
id: oai:scholar.dlu.edu.vn:DLU123456789-1447
record_format: dspace
institution: Thư viện Trường Đại học Đà Lạt (Da Lat University Library)
collection: Thư viện số (Digital Library)
language: English
description:
The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company's environment.
The book is presented in chapters that follow a consistent methodology: Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures to meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common business constraints. Report focuses on communicating back to the external and internal stakeholders with information that fits the various audiences.
Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.
format: Book
author: Gentile, Michael; Collette, Ronald; August, Thomas
spellingShingle: Gentile, Michael; Collette, Ronald; August, Thomas; CISO Handbook: A Practical Guide to Securing Your Company, The
author_facet: Gentile, Michael; Collette, Ronald; August, Thomas
author_sort: Gentile, Michael
title: CISO Handbook: A Practical Guide to Securing Your Company, The
title_short: CISO Handbook: A Practical Guide to Securing Your Company, The
title_full: CISO Handbook: A Practical Guide to Securing Your Company, The
title_fullStr: CISO Handbook: A Practical Guide to Securing Your Company, The
title_full_unstemmed: CISO Handbook: A Practical Guide to Securing Your Company, The
title_sort: ciso handbook: a practical guide to securing your company, the
publisher: CRC Press
publishDate: 2009
url: http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1447
_version_: 1757677686139912192
spelling:
oai:scholar.dlu.edu.vn:DLU123456789-1447
2009-12-02T08:12:57Z
CISO Handbook: A Practical Guide to Securing Your Company, The
Gentile, Michael; Collette, Ronald; August, Thomas
(description text identical to the description field above)
Table of contents:
Assess
    Overview
    Foundation Concepts
        Critical Skills
            Consultative Sales Skills
        Critical Knowledge
            Understanding Your Business
            Understanding Risk
            Understanding Your Enterprise Differentiators
            Understanding Your Legal and Regulatory Environment
            Understanding Your Organizational Structure
            Understanding Your Organizational Dynamics
            Enterprise Culture
            Understanding Your Enterprise's View of Technology
    Assessment Methodology
        Identifying Your Program's Primary Driver
            Why Are You Here?
            Stakeholders
        Identifying Your External Drivers
            Other External Drivers
        Identifying Your Internal Drivers
    Assessment Checklist
Plan
    Overview
    Foundation Concepts
        Critical Skills
            Visioning
            Strategic Planning
            Negotiating
            Marketing
            Talent Assessment
            Critical Skills Summary
        Critical Knowledge
            ISC2 Common Body of Knowledge [CBK]
            Other Security Industry Resources
    Planning Methodology
        Understanding Your Program's Mandate
        Determining Your Program's Structure
            Centralized vs. Decentralized
            Security Pipeline
            Size of Your Program
            Security Program Structure Summary
        Determining Your Program's Staffing
    Planning Summary
    Planning Checklist
Design
    Overview
    Foundation Concepts
        Critical Skills
        Critical Knowledge
    Methodology
        Preview
            Security Document Development
            Project Portfolio Development
            Communication Plan Development
        Incorporating Your Enterprise Drivers
            Requirements
            Gap Analysis
        Building Security Policies, Standards, Procedures, and Guidelines
            Build Security Documents Summary
        Building the Security Project Portfolio
            Annual Portfolio Review
        Build the Communication Plan
    Chapter Summary
    Design Checklist
Execute
    Overview
    Foundation Concepts
        Preview
        Critical Skills
        Critical Knowledge
    Methodology
        Project Execution
        Administrative Cleanup
    Chapter Summary
Report
    Overview
    Foundation Concepts
        Critical Skills
        Critical Knowledge
            Marketing
    Methodology
        Report Construction Process
        Determine Target Audience
        Delivery Mechanisms
    Chapter Summary
The Final Phase
    Overview
    Back to the Beginning
    Parting Thoughts
Appendix A: Design Chapter Worksheets
Appendix B: Report Creation Process Worksheet
Appendix C: Requirements Sample
Appendix D: SDLC Checklist
Appendix E: Recommended Reading
2009-12-02T08:12:57Z
2009-12-02T08:12:57Z
2005
Book
http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1447
en
application/rar
CRC Press