Sunday, 08 June 2014

[I789.Ebook] Get Free Ebook The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August

Reading The CISO Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette and Thomas D. August, is not a chore to be bargained over; it is a book with a great deal to offer the reader, both in daily practice and in the longer term.

There is no need to wait days to receive The CISO Handbook: A Practical Guide to Securing Your Company; the book is available here immediately after purchase, without travelling to a shop and hoping it is in stock. Searching on this site lists the book together with related titles from the same collection.

The titles offered here are not printed books but soft copies. That has practical advantages: the file can be saved on a device and opened anywhere, with no need to carry the physical book. Download the book from the link provided on this page.

The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August

The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company’s environment.

The book is presented in chapters that follow a consistent methodology – Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures to meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end-state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common business constraints. Report focuses on communicating back to the external and internal stakeholders with information that fits the various audiences.

Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.

  • Sales Rank: #1330793 in Books
  • Published on: 2005-08-24
  • Original language: English
  • Number of items: 1
  • Dimensions: 9.42" h x .94" w x 6.30" l, 1.37 pounds
  • Binding: Hardcover
  • 352 pages

About the Author
Mike Gentile is on a mission to change the status quo in information security as we know it. His goal is to translate the discipline from one that is often misunderstood, inefficiently applied, and painful into one that is seamless, collaborative, and repeatable in organizations across the globe. Delphiis is the encapsulation of this mission. Mike brings a balance of business acumen and technical skill, anchored by years in the field; his core focus over the past 15 years has been his practice, Coastline Consulting Services. As its Founder and President, Coastline has developed enterprise security programs for numerous leading public, private, and government organizations, including many within the Global 1000 and Fortune 500. During that time he also became Co-Founder and Editor of CISOHandbook.com, a portal for security leaders. As a researcher, Mike has contributed numerous publications within the information technology, project management, and security communities. He is also a senior researcher with Computer Economics in the information security domain and has written articles for the ISSA Journal, Computer Economics, RSA Conference and Secure World Expo.

As a writer he is the co-author of The CISO Handbook: A Practical Guide to Securing Your Company as well as CISO Soft Skills: Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives. The CISO Handbook is used as course material for numerous advanced education and Master's programs on security leadership around the world. Mr. Gentile serves on multiple advisory boards, including the Board of Advisors for Savant, a malware protection company, and has been an active member of the RSA Program Committee since 2009.

Mr. Gentile is a sought-after speaker on security, project management, and information technology topics. For the last three years he has been a top-rated speaker at RSA, the most prestigious security conference in the United States, and has been a keynote speaker for the CXO Summits conference series. He has also presented over the years for the Project Management Institute, Secure World Expo, ISSA, Symantec, and many more. Mike lives in Southern California with his wife Tiffany and their two boys.

Most helpful customer reviews

7 of 8 people found the following review helpful.
Sage advice for managing the security programme
By Dr. G. Hinson
This is a well-written practical guide to building and delivering an information security improvement programme. Presenting sage advice in a consistent manner, the book is a helpful primer for the person tasked by management with `fixing information security'.

The book is written by and for those in the front line, not in ivory towers. The three authors each have CISSP and other information security qualifications plus 10 to 20 years' work experience in information security management, meaning that their advice holds weight. They all combine hands-on with management and/or consulting expertise, meaning that they view information security in a business context.

The primary focus of the book is to guide, advise, encourage and support Chief Information Security Officers (or equivalents) working on their information security improvement programmes. It's a bit like having a personal trainer at the gym: the trainer points out the aims of the training and suggests how the trainee might improve his technique, but the trainee must interpret the advice, internalize it and of course put in the hard work to improve.

The book generally avoids making specific recommendations for particular information security controls. The reader is expected to be able to figure out for himself (perhaps using some of the techniques and checklists presented) what the security improvement projects will actually achieve. Instead, it emphasizes the programme management aspects. This approach is more broadly applicable since each organization's information security needs differ. There are numerous other books and standards describing best practice security controls, but few address the overall planning.

The overall flow of the book follows the suggested lifecycle of an information security implementation or improvement project:

Assess - identify the drivers or needs for security improvement (e.g. risks, legal obligations) and the constraints

Plan - obtain management support for the programme, prepare an improvement strategy and build your team

Design - prepare information security policies, conduct a gap analysis and prepare a portfolio of projects

Execute - numerous suggestions to help manage the improvement projects successfully

Report - management reporting.

Each chapter contains a consistent structure with an introduction, some theoretical framing, the `guts' and a conclusion which links to the next chapter. The `guts' reflect the authors' practical approach, offering pragmatic and helpful guidance to the newly appointed or would-be CISO.

The writing is clear and straightforward, with key messages consistently presented and reinforced throughout the book. There are useful checklists, tables and process flows embedded in the text although some of the block diagrams seem rather too high-level and pointless (that's just my personal opinion).

I am currently working with a client to initiate a large information security improvement programme and so enjoyed reading this book cover-to-cover in a few sittings. It was gratifying to find that we are already following the recommended approach with few if any exceptions, and there's nothing substantial we would quarrel about. Better still, I am glad to have picked up some good tips and look forward to thumbing through this book every month for the next year or so. If you are a CISO, I commend this book to you.

0 of 1 people found the following review helpful.
Extremely valuable security reference
By Ben Rothke
The CISO Handbook: A Practical Guide to Securing Your Company lives up to its title as being a practical guide to security. The book takes an approach antithetical to the "products equal security" approach, and takes a pragmatic approach to security.

The authors have extensive real-world experience and approach information security from a holistic perspective. They clearly understand what it takes to build an information security program. One of the biggest mistakes in security is that it is seen as plug and play. Buy a security product, install it, and like magic, you have this thing called data security. But that only works in the world of product brochures and marketing material, not in the real world. The book does not approach security from a plug and play perspective, but as an endeavor that requires a multi-year effort to come to fruition.

The five chapters deal with security from its true source, namely that of risk. The chapters are: Assess, Plan, Design, Execute and Report. These five areas encompass all of information security, and those firms that have built an information security infrastructure have all done it by focusing on these five areas.

The first area, Assess, is all about risk management. Many companies will purchase security products without even knowing what their specific risks are, and have often not performed a comprehensive risk analysis. Without a comprehensive risk analysis, any security product will simply operate in a vacuum. The benefits of a risk assessment and analysis are that they ensure that an organization is worrying about the right things and dealing with real, as opposed to perceived threats. The ultimate outcome of a risk analysis should be to see if the organization can benefit from the security product.

Chapter 1 ends with an assessment checklist of various areas that go into a risk assessment. One of the questions in the checklist that you likely will not see anywhere else is "describe the political climate at your company". Too many security people think only about the technology and neglect the political implications of a security system. Not taking into consideration the politics is a surefire way to potentially doom a project. Similar questions detailed in the checklist will give the reader a good feel for how secure their organization truly is; as opposed to the often perceived view of being much more secure.

Chapter 2 is aptly titled Plan. The planning phase is meant to combine the issues of assessment and to integrate options to mitigate those risks. The way in which a specific security technology or methodology is implemented is dependent on the organization. Rather than using a cookie-cutter approach, effective planning ensures that the security technologies chosen support your security program. Far too many organizations make the mistake of simply buying products without giving enough consideration into the myriad details of how they will be deployed, managed and used.

Chapter 2 emphasizes the need for planning, and the book as a whole emphasizes the need for the use of a methodology when dealing with information security. For many security technologies, the challenges are not so much with the technology, but rather with ensuring that the technology meets business requirements, is scalable and reliable, etc.

Building a comprehensive information security program is likely to be more complex than previous experience of typical IT projects. As well as project management, technical and operational aspects, there are many policy, legal and security issues which must be taken into consideration. By following a structured methodology based on practical experience, many of the potential traps and pitfalls can be avoided. The risks to the business and the project are reduced and those that remain are quantified at an early stage.

The planning checklist at the end of chapter 2 helps by ensuring that the solutions identified are deployed in the context of a well designed information security program. It can also be used as a wake-up call to management, which often seriously underestimates the amount of time and manpower required to create an effective information security program.

One of the added benefits of planning is that it makes it much easier to integrate new regulatory requirements into the security program. A well-planned network can retrofit new requirements much more quickly and efficiently. This is a critical need given the increasing amount of new regulations that will come into play in the coming years, in addition to current regulations such as HIPAA, Sarbanes-Oxley and much more.

Chapters 3, 4 and 5 progress in a similar manner with the topics of Design, Execute, and Report. Each chapter details the essentials of the topic and shows how it is critical to the efficacy of a successful information security program.

What the reader may find missing from the book is particulars of the various security technologies. But that is the very function of the book, to show that information security is not primarily about the products, but rather the underlying infrastructure on which those products reside. Any product that is not deployed in a methodology similar to that of The CISO Handbook is likely to find itself lacking. The product might be there and hum along; but the security that it provides will likely be negligible.

The uniqueness of The CISO Handbook is that it shows how to design and implement an effective security program based on real world scenarios, as opposed to product reviews and vendor evaluations.

The CISO Handbook: A Practical Guide to Securing Your Company is indeed a most practical guide, as its title suggests. It is quite helpful to anyone in a security organization, whether they are the CISO, system administrator, or in a different capacity.

16 of 18 people found the following review helpful.
The CISO Handbook
By Don Saracco
At last a comprehensive view of what a total security program needs to be. So much of the literature on the subject is about technology only that this holistic approach is a breath of fresh air. It is clearly and simply written and provides an easy to follow roadmap for any security manager to follow in developing an enterprise security program.

See all 6 customer reviews...

The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August PDF
The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August EPub
The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August Doc
The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August iBooks
The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August rtf
The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August Mobipocket
The Ciso Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, Thomas D. August Kindle
No comments: