Building a Practical Information Security Program

Building a Practical Information Security Program provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided enables both executive management and IT managers not only to validate existing security programs, but also to build new business-driven security programs. In addition, the subject matter supports aspiring security engineers to forge a career path to successfully manage a security program, thereby adding value and reducing risk to the business. Readers learn how to translate technical challenges into business requirements, understand when to "go big or go home," explore in-depth defense strategies, and review tactics on when to absorb risks. This book explains how to properly plan and implement an infosec program based on business strategy and results.

Autorentext

David Guretz (CISM, CISSP) is an experienced information security professional with over 15 years of information security experience and twenty-plus years in information technology. He has held security leadership roles at companies in the financial (Bank One, Jump Trading), telecommunications (AT&T), legal (Kirkland & Ellis), and insurance (Allstate, The Warrantly Group) industries. Recently he has converted over to the security product vendor side to provide better solutions for today's information security risks.He currently is the Director of Product Strategy for Verdasys, who produce the popular Digital Guardian data-centric, risk-based data loss prevention product line.

Klappentext

Building a Practical Information Security Program provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided will enable both executive management and IT managers to not only validate existing security programs, but also build new business-driven security programs. In addition, the subject matter enables aspiring security engineers to forge a career path to successfully managing a security program that not only adds value to, but also reduces the risk to, the business. . The book begins by resolving immediate tactical needs, transforming security needs into strategic goals, and, ultimately, by helping users put programs into operation with full lifecycle management. Readers will learn how to translate technical challenges into business requirements, understand when to go big or go home, explore in-depth defense strategies, and review tactics on when to absorb risk. . There is so much noise, marketing, and fear in the industry now that spending and deploying based on generic products and standards is often fruitless and a costly waste of time and energy. This book shows users how to properly plan and implement an infosec program based on business strategy and results.

Inhalt

Why We Need Security Programs

Develop a Security Strategy

Integrate Security into the Organization

Establish a Security Organization

Develop a Security Policy

Manage the Risks

Protect the Data

Manage the Security of Third Parties and Vendors

Conduct Security Awareness and Training

Develop Metrics to Measure Program Effectiveness