CISO Journey
portes grátis
CISO Journey
Life Lessons and Concepts to Accelerate Your Professional Development
Fredriksen, Eugene
Taylor & Francis Ltd
08/2022
316
Mole
Inglês
9781032402215
15 a 20 dias
453
Descrição não disponível.
List of Figures
List of Tables
Prologue
Foreword
Acknowledgments
Author
Section I INTRODUCTION AND HISTORY
1 Introduction: The Journey
2 Learning from History?
3 My First CISO Lesson: The Squirrel
Section II THE RULES AND INDUSTRY DISCUSSION
4 A Weak Foundation Amplifies Risk
5 If a Bad Guy Tricks You into Running His Code on Your Computer, It's Not Your Computer Anymore
6 There's Always a Bad Guy Out There Who's Smarter, More Knowledgeable, or Better-Equipped Than You
7 Know the Enemy, Think Like the Enemy
8 Know the Business, Not Just the Technology
9 Technology Is Only One-Third of Any Solution
10 Every Organization Must Assume Some Risk
11 When Preparation Meets Opportunity, Excellence Happens
12 There Are Only Two Kinds of Organizations: Those That Know They've Been Compromised and Those That Don't Know Yet
13 In Information Security, Just Like in Life, Evolution Is Always Preferable to Extinction
14 A Security Culture Is In Place When Talk Is Replaced with Action
15 NEVER Trust and ALWAYS Verify
Section III SUMMARY
16 My Best Advice for New CISOs
Appendix A: The Written Information Security Plan
Appendix B: Talking to the Board
Appendix C: Establishing an Incident Response Program
Appendix D: Sample High-Level Risk Assessment Methodology
List of Tables
Prologue
Foreword
Acknowledgments
Author
Section I INTRODUCTION AND HISTORY
1 Introduction: The Journey
2 Learning from History?
3 My First CISO Lesson: The Squirrel
Section II THE RULES AND INDUSTRY DISCUSSION
4 A Weak Foundation Amplifies Risk
5 If a Bad Guy Tricks You into Running His Code on Your Computer, It's Not Your Computer Anymore
6 There's Always a Bad Guy Out There Who's Smarter, More Knowledgeable, or Better-Equipped Than You
7 Know the Enemy, Think Like the Enemy
8 Know the Business, Not Just the Technology
9 Technology Is Only One-Third of Any Solution
10 Every Organization Must Assume Some Risk
11 When Preparation Meets Opportunity, Excellence Happens
12 There Are Only Two Kinds of Organizations: Those That Know They've Been Compromised and Those That Don't Know Yet
13 In Information Security, Just Like in Life, Evolution Is Always Preferable to Extinction
14 A Security Culture Is In Place When Talk Is Replaced with Action
15 NEVER Trust and ALWAYS Verify
Section III SUMMARY
16 My Best Advice for New CISOs
Appendix A: The Written Information Security Plan
Appendix B: Talking to the Board
Appendix C: Establishing an Incident Response Program
Appendix D: Sample High-Level Risk Assessment Methodology
Este título pertence ao(s) assunto(s) indicados(s). Para ver outros títulos clique no assunto desejado.
Intrusion Prevention Systems;chief;CIO;information;Chief Information Security Officer;security;Professional Development;officer;RACI Chart;intrusion;CISO;prevention;Sensitive Information;systems;RACI Matrix;remote;Successful CISO;access;Incident Response Team;trojan;CISO Role;Antivirus Software;Cardholder Data;Safe Harbor Privacy Principles;Remote Access Trojan;Information Security;Card Industry Data Security Standard;Payment Card Industry Data Security;Packet Filter;Security Awareness;Penetration Testing;Gramm Leach Bliley Act;Access Control Lists;Fix;Incident Response Program
List of Figures
List of Tables
Prologue
Foreword
Acknowledgments
Author
Section I INTRODUCTION AND HISTORY
1 Introduction: The Journey
2 Learning from History?
3 My First CISO Lesson: The Squirrel
Section II THE RULES AND INDUSTRY DISCUSSION
4 A Weak Foundation Amplifies Risk
5 If a Bad Guy Tricks You into Running His Code on Your Computer, It's Not Your Computer Anymore
6 There's Always a Bad Guy Out There Who's Smarter, More Knowledgeable, or Better-Equipped Than You
7 Know the Enemy, Think Like the Enemy
8 Know the Business, Not Just the Technology
9 Technology Is Only One-Third of Any Solution
10 Every Organization Must Assume Some Risk
11 When Preparation Meets Opportunity, Excellence Happens
12 There Are Only Two Kinds of Organizations: Those That Know They've Been Compromised and Those That Don't Know Yet
13 In Information Security, Just Like in Life, Evolution Is Always Preferable to Extinction
14 A Security Culture Is In Place When Talk Is Replaced with Action
15 NEVER Trust and ALWAYS Verify
Section III SUMMARY
16 My Best Advice for New CISOs
Appendix A: The Written Information Security Plan
Appendix B: Talking to the Board
Appendix C: Establishing an Incident Response Program
Appendix D: Sample High-Level Risk Assessment Methodology
List of Tables
Prologue
Foreword
Acknowledgments
Author
Section I INTRODUCTION AND HISTORY
1 Introduction: The Journey
2 Learning from History?
3 My First CISO Lesson: The Squirrel
Section II THE RULES AND INDUSTRY DISCUSSION
4 A Weak Foundation Amplifies Risk
5 If a Bad Guy Tricks You into Running His Code on Your Computer, It's Not Your Computer Anymore
6 There's Always a Bad Guy Out There Who's Smarter, More Knowledgeable, or Better-Equipped Than You
7 Know the Enemy, Think Like the Enemy
8 Know the Business, Not Just the Technology
9 Technology Is Only One-Third of Any Solution
10 Every Organization Must Assume Some Risk
11 When Preparation Meets Opportunity, Excellence Happens
12 There Are Only Two Kinds of Organizations: Those That Know They've Been Compromised and Those That Don't Know Yet
13 In Information Security, Just Like in Life, Evolution Is Always Preferable to Extinction
14 A Security Culture Is In Place When Talk Is Replaced with Action
15 NEVER Trust and ALWAYS Verify
Section III SUMMARY
16 My Best Advice for New CISOs
Appendix A: The Written Information Security Plan
Appendix B: Talking to the Board
Appendix C: Establishing an Incident Response Program
Appendix D: Sample High-Level Risk Assessment Methodology
Este título pertence ao(s) assunto(s) indicados(s). Para ver outros títulos clique no assunto desejado.
Intrusion Prevention Systems;chief;CIO;information;Chief Information Security Officer;security;Professional Development;officer;RACI Chart;intrusion;CISO;prevention;Sensitive Information;systems;RACI Matrix;remote;Successful CISO;access;Incident Response Team;trojan;CISO Role;Antivirus Software;Cardholder Data;Safe Harbor Privacy Principles;Remote Access Trojan;Information Security;Card Industry Data Security Standard;Payment Card Industry Data Security;Packet Filter;Security Awareness;Penetration Testing;Gramm Leach Bliley Act;Access Control Lists;Fix;Incident Response Program