Mark Leary - Building a Practical Information Security Program read online book TXT, MOBI, EPUB
9780128020425 English 0128020423 "Building a Practical Information Security Program" provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided enables both executive management and IT managers not only to validate existing security programs, but also to build new business-driven security programs. In addition, the subject matter supports aspiring security engineers to forge a career path to successfully manage a security program, thereby adding value and reducing risk to the business. Readers learn how to translate technical challenges into business requirements, understand when to "go big or go home," explore in-depth defense strategies, and review tactics on when to absorb risks. This book explains how to properly plan and implement an infosec program based on business strategy and results. Provides a roadmap on how to build a security program that will protect companies from intrusionShows how to focus the security program on its essential mission and move past FUD (fear, uncertainty, and doubt) to provide business valueTeaches how to build consensus with an effective business-focused program, Cybersecurity can be a daunting topic for many businesses. With so many sources - including regulations, standards, and frameworks - telling you what to do and what to worry about, it's no wonder that security programs have difficulty providing business value. Building a Practical Information Security Program provides you with a strategic view of how to build an information security program that aligns with business objectives. The information provided will enable both executive management and IT managers to validate existing security programs and build new business-driven security programs. The subject matter also enables aspiring security engineers to forge a career path to successfully managing a security program that adds value to and reduces the risk of the business. Building a Practical Information Security Program starts with resolving immediate tactical needs, transforming security needs into strategic goals, and ultimately leads you to putting the program into operation with full life-cycle management. You'll learn how to translate technical challenges into business requirements, when to "go big or go home", in-depth defense strategies, and when to absorb the risk. Author David Guretz has built large-scale enterprise security programs that meet business objectives and succeed. There is so much noise, marketing, and fear in the industry now that spending and deploying based on generic products and standards is often fruitless, and a costly waste of time and energy. This book shows you how to properly plan and implement an infosec program based on business strategy and results. Provides a roadmap for how to build a program to protect your company Shows how to focus the security program on its essential mission and move past FUD (fear, uncertainty, and doubt) to provide business value Teaches how to build consensus with an effective business-focused program
9780128020425 English 0128020423 "Building a Practical Information Security Program" provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided enables both executive management and IT managers not only to validate existing security programs, but also to build new business-driven security programs. In addition, the subject matter supports aspiring security engineers to forge a career path to successfully manage a security program, thereby adding value and reducing risk to the business. Readers learn how to translate technical challenges into business requirements, understand when to "go big or go home," explore in-depth defense strategies, and review tactics on when to absorb risks. This book explains how to properly plan and implement an infosec program based on business strategy and results. Provides a roadmap on how to build a security program that will protect companies from intrusionShows how to focus the security program on its essential mission and move past FUD (fear, uncertainty, and doubt) to provide business valueTeaches how to build consensus with an effective business-focused program, Cybersecurity can be a daunting topic for many businesses. With so many sources - including regulations, standards, and frameworks - telling you what to do and what to worry about, it's no wonder that security programs have difficulty providing business value. Building a Practical Information Security Program provides you with a strategic view of how to build an information security program that aligns with business objectives. The information provided will enable both executive management and IT managers to validate existing security programs and build new business-driven security programs. The subject matter also enables aspiring security engineers to forge a career path to successfully managing a security program that adds value to and reduces the risk of the business. Building a Practical Information Security Program starts with resolving immediate tactical needs, transforming security needs into strategic goals, and ultimately leads you to putting the program into operation with full life-cycle management. You'll learn how to translate technical challenges into business requirements, when to "go big or go home", in-depth defense strategies, and when to absorb the risk. Author David Guretz has built large-scale enterprise security programs that meet business objectives and succeed. There is so much noise, marketing, and fear in the industry now that spending and deploying based on generic products and standards is often fruitless, and a costly waste of time and energy. This book shows you how to properly plan and implement an infosec program based on business strategy and results. Provides a roadmap for how to build a program to protect your company Shows how to focus the security program on its essential mission and move past FUD (fear, uncertainty, and doubt) to provide business value Teaches how to build consensus with an effective business-focused program