If you're a cybersecurity professional, then you know how it often seems that no one cares about--or understands--information security. Infosec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are underresourced. There must be a better way. This essential manager's guide offers a new approach to building and maintaining an information security program that's both effective and easy to follow.Author and longtime chief information security officer (CISO) Todd Barnum upends the assumptions security professionals take for granted. CISOs, chief security officers, chief information officers, and IT security professionals will learn a simple seven-step process for building a new program or improving a current one.Build better relationships across the organizationAlign your role with your company's values, culture, and tolerance for information lossLay the groundwork for your security programCreate a communications program to share your team's contributions and educate your coworkersTransition security functions and responsibilities to other teamsOrganize and build an effective infosec teamMeasure your company's ability to recognize and report security policy violations and phishing emails
If you're a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security. InfoSec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. This essential manager's guide offers a new approach to building and maintaining an information security program that's both effective and easy to follow.Author and longtime chief information security officer (CISO) Todd Barnum upends the assumptions security professionals take for granted. CISOs, chief security officers, chief information officers, and IT security professionals will learn a simple seven-step process for building a new program or improving a current one.Build better relationships across the organizationAlign your role with your company's values, culture, and tolerance for information lossLay the groundwork for your security programCreate a communications program to share your team's contributions and educate your coworkersTransition security functions and responsibilities to other teamsOrganize and build an effective InfoSec teamMeasure your com