If you’re a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security. InfoSec professionals frequently struggle to integrate security into their companies’ processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. This essential manager’s guide offers a new approach to building and maintaining an information security program that’s both effective and easy to follow.
Author and longtime chief information security officer (CISO) Todd Barnum upends the assumptions security professionals take for granted. CISOs, chief security officers, chief information officers, and IT security professionals will learn a simple seven-step process for building a new program or improving a current one.
Build better relationships across the organization
Align your role with your company’s values, culture, and tolerance for information loss
Lay the groundwork for your security program
Create a communications program to share your team’s contributions and educate your coworkers
Transition security functions and responsibilities to other teams
Organize and build an effective InfoSec team
Measure your company’s ability to recognize and report security policy violations and phishing emails