Cybersecurity Leadership Demystified
The chief information security officer (CISO) is responsible for an organization's information and data security. The CISO's role is challenging as it demands a solid technical foundation as well as effective communication skills. This book is for busy cybersecurity leaders and executives looking to gain deep insights into the domains important for becoming a competent cybersecurity leader.

The book begins by introducing you to the CISO's role, where you'll learn key definitions, explore the responsibilities involved, and understand how you can become an efficient CISO. You'll then be taken through end-to-end security operations and compliance standards to help you get to grips with the security landscape. In order to be a good leader, you'll need a good team. This book guides you in building your dream team by familiarizing you with HR management, documentation, and stakeholder onboarding. Despite taking all that care, you might still fall prey to cyber attacks; this book will show you how to quickly respond to an incident to help your organization minimize losses, decrease vulnerabilities, and rebuild services and processes. Finally, you'll explore other key CISO skills that'll help you communicate at both senior and operational levels.

By the end of this book, you'll have gained a complete understanding of the CISO's role and be ready to advance your career.

  • Cybersecurity Leadership Demystified
  • Foreword
  • The current cybersecurity posture
  • Empowering and protecting your end users
  • Contributors
  • About the author
  • About the reviewers
  • Preface
    • Who this book is for
    • What this book covers
    • Download the color images
    • Get in touch
    • Share Your Thoughts
  • Chapter 1: A CISO's Role in Security Leadership
    • Defining a CISO and their responsibilities
      • Definition of a CISO
      • Responsibilities of a CISO
      • What exactly is a CISO?
    • Understanding the similarities and differences between a CISO and a CSO
    • Distinguishing between a CIO, a CTO, and a CISO
    • Designing a security leadership role
    • Expanding the role of a CISO
    • The changing role of a CISO
    • How to become a CISO
      • CISO responsibilities
      • Who should not become a CISO?
    • Learning about CISO certification
      • EC-Council CISO program
      • CCISO program
      • Other certifications
    • Summary
    • Further reading
  • Chapter 2: End-to-End Security Operations
    • Evaluating the IT threat landscape
      • Knowledge of company operations
      • Assessment tools
      • Trends in cyber threats
    • Devising policies and controls to reduce risk
      • Internal staff policies
      • Other company policies
    • Leading auditing and compliance initiatives
      • Anti-malware and anti-spyware software
      • Compliance with international regulations
      • Examples of regulations and regulatory bodies
    • Managing information security initiatives
      • Strategic security planning
      • The hiring of a security team
    • Establishing partnerships with vendors and security experts
      • Establishing partnerships
      • Security experts as a knowledge resource
      • System security evaluation tools
      • Creating long-term working relationships with vendors
      • Establishing clear communication channels
      • Customer advisory groups
    • Summary
    • Further reading
  • Chapter 3: Compliance and Regulations
    • Defining data compliance
    • Understanding GDPR
      • The history of GDPR
      • GDPR key definitions
      • GDPR data protection principles
      • The CISO role in GDPR
    • Learning about HIPAA
      • Privacy rule
      • Right to access PHI
      • Potential risks
      • The three HIPAA rules
    • Introducing the CCPA
      • What does the CCPA entail?
      • The CCPA rights
      • Personal information
      • Failure to comply with the CCPA
    • Understanding the HITECH Act
      • Important HITECH amendments and provisions
      • Goals of the HITECH Act
    • Getting to know the EFTA
      • History of the EFTA
      • The EFTA requirements for service providers
    • Introducing COPPA
      • COPPA violations
      • COPPA compliance
    • Learning about Sarbanes-Oxley
      • History of the Sarbanes-Oxley Act
      • Key provisions of the Sarbanes-Oxley Act
    • Understanding FISMA
      • Reasons for creating FISMA
      • FISMA compliance
      • FISMA non-compliance penalties
    • Finding out about PIPEDA
    • Understanding IT compliance and the CISO's role
    • Summary
    • Further reading
  • Chapter 4: Role of HR in Security
    • Understanding security posture
      • Security posture features
      • IT assets inventory
      • Security controls
      • Attack vectors
      • Attack surface
      • Automating the security posture
      • Ways of improving an organization's security posture
      • Assessing an organization's security posture
      • Important steps in security posture assessment
    • Exploring human error and its impact on organizations
      • Preventing insider security threats
    • Hiring procedures
      • Performing verification checks for job candidates
      • Security education and training
      • Security risk awareness
      • Organizational culture
      • Policies for IAM
      • General safety procedures
      • Employment procedures
      • Vendors, contractors, and consultants procedures
      • Tight hiring practices
      • Using strong authentication mechanisms
      • Securing internet access
      • Investigating anomalous activities
      • Refocusing perimeter strategies and tools
      • Monitoring misuse of assets
    • Summary
    • Further reading
  • Chapter 5: How Documentation Contributes to Security
    • Why information system documentation for security is important
      • What is information security documentation?
      • Why document?
      • Approving the security documentation
      • Maintaining the security documentation
      • Communicating the security documentation
    • Understanding compliance with documentation
      • ISO 27001
    • Describing some examples of cybersecurity documents
      • Information security policy (ISP)
      • Incident management plan (IMP)
      • Risk management
      • Disaster recovery (DR) and the business continuity plan (BCP)
    • Tips for better security
    • Building a cyber strategy plan
      • Why do we need to build a cyber strategy?
      • How to build a cyber strategy
      • Best cyber-attack strategies
      • Best cyber defense strategies
    • Summary
    • Further reading
  • Chapter 6: Disaster Recovery and Business Continuity
    • Integrating cybersecurity with a DPP
    • BIA
      • Classification of data
    • DRaaS
      • Developing a communication plan
      • Automated testing processes
      • Immutable data backups
      • Data reuse
      • Continuous updates
      • Long-term planning
    • Understanding the relationship between cybersecurity and BC
      • Planning for ransomware and DoS attacks
      • Using quality backups
      • User training and education
    • Learning about supply chain continuity
    • Introducing the key components of a BC plan
      • How to identify BC risks
      • Types of DR
      • Using AI for DR and BC processes
      • Emerging technologies in the DR and BC landscape
      • Tips on building a strong and effective DR plan
      • Importance of a certified and skilled cybersecurity workforce
    • Summary
    • Further reading
  • Chapter 7: Bringing Stakeholders On Board
    • Evaluating business opportunities versus security risks
      • The role of a CISO in risk management
    • Optimal budgeting
      • Communication
      • Corporate governance
      • Duties of top management in an organization
      • Reporting to the board of directors
      • Getting employees on board
      • Getting customers on board
      • Getting shareholders on board
      • Getting the community on board
    • Summary
    • Further reading
  • Chapter 8: Other CISO Tasks
    • Contributing to technical projects
    • Partnering with internal and external providers
      • Security policies implementation
      • Security planning needs resources
      • Role in recruitment
      • Partnering with security tool providers and consultants
    • Evaluating employee behavior
      • Employee motivation
      • The remuneration and rewarding systems
      • Employee skill level
      • User and entity behavior analytics (UEBA)
    • Financial reporting
    • Addressing cybersecurity as a business problem
    • Summary
    • Further reading
  • Chapter 9: Congratulations! You Are Hired
    • How to get hired as a CISO
      • Qualifications for a CISO job
      • Job experience
      • Communication ability
      • Leadership skills
      • Steps to follow to become a CISO
      • The top skills required to succeed as a CISO
    • Your first 90 days as a CISO
      • List of dos in the first 90 days
    • Summary
    • Further reading
  • Chapter 10: Security Leadership
    • Developing suitable security policies
      • Communicating cybersecurity issues clearly
      • Getting a bigger budget
      • Leading by example
      • Having training conferences and seminars for employees
    • Building a cybersecurity strategy
    • Telling your story
    • Presenting to the board
    • Leadership and team
    • Summary
    • Further reading
  • Chapter 11: Conclusion
    • Defining the CISO role and what the role entails
    • How a CISO ensures E2E security operations are in place in an organization
    • The compliance factor and how a CISO addresses the issue
    • The role of HR management in cybersecurity issues
    • How documentation plays a huge role in effective security leadership
    • DR and BC factors in cybersecurity
    • Understanding the role of various stakeholders in an organization
    • Other CISO roles in an organization
    • Getting hired as a CISO executive
    • What security leadership entails
    • Summary
  • Chapter 12: Ask the Experts
    • Protecting and defending your organization from cyberattacks by Marcus Murray
      • 1 Include cyber risks in your risk catalog
      • 2 Define the greater goal of your cybersecurity efforts
      • 3 Design a pragmatic cybersecurity program and choose an advisor wisely
      • 4 Use threat intelligence as a tool for strategic cybersecurity
      • 5 Invest in a detection and response capability
      • 6 Implement the most important controls as quickly as possible
      • About Marcus Murray
    • Path to becoming a successful CISO by Adel Abdel Moneim
      • Business context understanding
      • Governance, risk, and compliance
      • Security domains
      • Cybersecurity frameworks, standards, and best practices
      • Business continuity, disaster recovery, and resilience
      • Cybersecurity workforce skills development and security awareness
      • Security operations
      • Cybersecurity performance metrics and monitoring
      • Other business-related skills
      • Quotes
      • About Adel Abdel Moneim
    • Recommendations for cybersecurity professionals who want to be CISOs by Mert Sarica
      • About Mert Sarica
    • How a modern CISO could work on improving security within their organizations and maintain a good cybersecurity posture by Dr. Mike Jankowski-Lorek and Paula Januszkiewicz
      • How could a CISO work on improving security within their organization and stay ahead of the game?
      • About Dr. Mike Jankowski-Lorek
      • About Paula Januszkiewicz
    • Advice for a CISO by Raif Sarica and Şükrü Durmaz
      • About Şükrü Durmaz
      • About Raif Sarica
    • Cybersecurity leadership demystified: Pave your way to becoming a world-class modern-day cybersecurity expert and a global CISO by Dr. Timothy C. Summers
    • The future of cybersecurity leadership by Timothy C. Summers, Ph.D.
      • Why is innovative cybersecurity leadership important?
      • We need to rethink what cybersecurity leadership means
      • The CISO must be the enterprise digital trust champion
      • Strong cybersecurity leaders recognize the importance of strategy
      • Imagining the future of cybersecurity
      • Cybersecurity leaders must embrace big ideas
      • Successful cybersecurity leaders must think like business leaders
      • About Dr. Timothy C. Summers
    • Working with security experts by Vladimir Meloski
      • Analyze the risks
      • Constantly monitor trends in security threats
      • Apply security best practices
      • Correlate information from different security products
      • Deliver regular security training for IT employees
      • Deliver regular security training for business employees
      • Perform ethical hacking procedures
      • Implement a security standard
      • Prevention is better than cure
      • About Vladimir Meloski
    • A CISO's communication with the board on three critical subjects by Dr. Süleyman Özarslan
      • About Dr. Süleyman Özarslan
    • Crush the triangle by Raymond Comvalius
      • Continuous life-cycle management
      • Continuous patch management
      • Cloud focus
      • Zero trust
      • Retention policies
      • The biggest risk factor: your colleagues
      • About Raymond Comvalius
    • Why subscribe?
  • Another Book You May Enjoy
    • Packt is searching for authors like you
    • Share Your Thoughts