Develop strategic plans for building cybersecurity programs and prepare your organization for compliance investigations and audits
Key Features
- Get started as a cybersecurity executive and design an infallible security program
- Perform assessments and build a strong risk management framework
- Promote the importance of security within the organization through awareness and training sessions
Book Description
Ransomware, phishing, and data breaches are major concerns affecting all organizations as a new cyber threat seems to emerge every day, making it paramount to protect the security of your organization and be prepared for potential cyberattacks. This book will ensure that you can build a reliable cybersecurity framework to keep your organization safe from cyberattacks.
This Executive's Cybersecurity Program Handbook explains the importance of executive buy-in, mission, and vision statement of the main pillars of security program (governance, defence, people and innovation). You'll explore the different types of cybersecurity frameworks, how they differ from one another, and how to pick the right framework to minimize cyber risk. As you advance, you'll perform an assessment against the NIST Cybersecurity Framework, which will help you evaluate threats to your organization by identifying both internal and external vulnerabilities. Toward the end, you'll learn the importance of standard cybersecurity policies, along with concepts of governance, risk, and compliance, and become well-equipped to build an effective incident response team.
By the end of this book, you'll have gained a thorough understanding of how to build your security program from scratch as well as the importance of implementing administrative and technical security controls.
What you will learn
- Explore various cybersecurity frameworks such as NIST and ISO
- Implement industry-standard cybersecurity policies and procedures effectively to minimize the risk of cyberattacks
- Find out how to hire the right talent for building a sound cybersecurity team structure
- Understand the difference between security awareness and training
- Explore the zero-trust concept and various firewalls to secure your environment
- Harden your operating system and server to enhance the security
- Perform scans to detect vulnerabilities in software
Who this book is for
This book is for you if you are a newly appointed security team manager, director, or C-suite executive who is in the transition stage or new to the information security field and willing to empower yourself with the required knowledge. As a Cybersecurity professional, you can use this book to deepen your knowledge and understand your organization's overall security posture. Basic knowledge of information security or governance, risk, and compliance is required.
Table of Contents
- The First 90 Days
- Choosing the Right Cybersecurity Framework
- Cybersecurity Strategic Planning through the Assessment Process
- Establishing Governance through Policy
- The Security Team
- Risk Management
- Incident Response
- Security Awareness and Training
- Network Security
- Computer and Server Security
- Securing Software Development through DevSecOps
- Testing Your Security and Building Metrics
Jason Brown's passion lies in data privacy and cybersecurity. He has spent his career working with businesses, from small to large international companies, developing robust data privacy and cybersecurity programs. Jason has held titles such as chief information security officer, virtual chief information security officer, and data privacy officer. He has obtained many industry-leading certifications including ISC2's CISSP, ISACA's CDPSE and COBIT, and ITIL, and holds a Bachelor of Science degree from Central Michigan University and a Master of Science degree from Ferris State University.
