Author: | Badhwar, Raj |
Title: | The CISO's transformation : security leadership in a high threat landscape / Raj Badhwar |
Publication: | Cham, Switzerland : Springer, [2021] |
Copyright: | ©2021 |
Physical description: | 1 online resource (180 pages) |
Classification (Dewey): | 005.8 |
Subject: | Computer security - Management |
Contents note: | Intro -- Foreword -- Preface -- Acknowledgment -- Contents -- About the Author -- Abbreviations -- Part I: Effective CISO Leadership -- CISOs - Leading from the Front! -- 1 Introduction -- 2 Be the Security Evangelist -- 2.1 Take an Active Hand in Creating the Cybersecurity Policy and Standards -- 2.2 Lead Innovation and Next-Generation Security Technology Implementations -- 2.3 Secure Cloud Environments -- 2.4 Make the Case for Security to Both Technical and Business Audiences -- 2.5 Understand, Assess, and Quantify Cyber Risk -- 2.6 Lead Tactical vs. Strategic Implementations -- 2.7 Lead User Training and Communications -- 2.8 Be Prepared to React to Cyber-Attacks and Other Cyber-Induced Disruptions -- 2.9 Make the Case to the Board of Directors and Other Executives -- 2.10 Recruit and Retain -- 2.11 Attract Women and Other Minorities to the Cyber Security Profession -- 2.12 Win the Market Place -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- More CISOs on Corporate Boards -- 1 Preface -- 2 Let's Define Cyber Threats and Cyber Risk First -- 3 Making the Case -- 4 The CISO Take -- 5 Definitions -- References -- Further Reading -- Cyber Program Turnaround by New CISO -- 1 The Human Element -- 2 Use of Security Frameworks -- 3 Adoption of a Cloud-Based Security Stack -- 4 Zero Trust -- 5 Seamless Biometric Authentication -- 6 Making Use of Threat Intelligence -- 7 Active Board-Level Participation -- 8 Effectiveness Testing -- 9 The CISO Take -- 10 Definitions -- References -- Further Reading -- CISOs - The Next Step! -- 1 Introduction -- 2 Current State for Most Hands-on CISOs -- 3 The Near-Future State -- 4 The Not-So-Distant Future State -- 4.1 Cybersecurity Product Development -- 4.2 Cybersecurity Services Development -- 4.3 Cyber Wellness -- 4.4 Cyber Insurance Certification and Attestation. |
4.5 How Can This Be Delivered? -- 5 The CISO Take -- 6 Definitions -- References -- Further Reading -- CISO Maturity Model -- 1 Introduction -- 2 The Maturity Model -- 2.1 The Technical Track -- Level 1 (L1 CISO) -- Level 4 (L4 CISO) -- Level 5 (L5 CISO) -- 2.2 The Business Track -- Level 2 (L2 CISO) -- Level 3 (L3 CISO) -- Level 6 (Core CISO) -- 2.3 The Hybrid Track -- Level 7 (CSO) -- Level 8 (High-Impact CISO) -- Level 9 (Executive CISO) -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- CISO Commentary on Some Emerging and Disruptive Technologies -- 1 Introduction -- 2 Security Commentary -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- See Something, Do Something! -- 1 Genesis -- 2 See Something, Say Something -- 3 See Something, Do Something -- 3.1 Making the Case -- Removal of Conflict of Interest -- Empowerment and Enablement -- Separation of Roles and Responsibilities -- Training and Awareness -- 4 The CISO Take -- 5 Definitions -- References -- My Journey as a Writer -- 1 Introduction -- 2 Early Years -- 3 Technical Writing -- 4 The CISO Take -- Further Reading -- Defensive Measures in the Wake of the SolarWinds Fallout -- 1 Introduction -- 2 Generic Defensive Measures -- 2.1 Enable Improved DNS Alerting Using a DNS Sinkhole -- 2.2 Deploy Malware Kill Switch -- 2.3 Perform Monitoring and Alerting Enhancements -- 2.4 Detect Golden SAML Attacks -- 2.5 Reconsider the Usage of DOH -- 2.6 Better Manage Third-Party Risk -- 3 SolarWinds Specific Actions -- 4 The CISO Take -- 5 Definitions -- References -- Further Reading -- Part II: Cybersecurity Team Building -- Cyber Exceptionalism -- 1 Genesis -- 2 Introduction -- 3 What is Cyber Exceptionalism? -- 4 Who Can Be Cyber Exceptional? -- 5 How Can One Become Cyber-Exceptional? -- 6 My Cyber Journey -- 7 The CISO Take -- 8 Definitions -- References. |
Further Reading -- Special Needs, Disability, and Cybersecurity: Often, a Great Fit -- 1 Making the Case -- 2 The CISO Take -- 3 Definitions -- References -- Further Reading -- Bias-Free Lexicon -- 1 Introduction -- 2 Shoring Up Professionalism in the Workplace -- 3 What's the Impediment to Linguistic Reform? -- 3.1 Response to Impediments -- 4 Corrective Behaviors -- 5 The Next Step -- 6 The CISO Take -- 7 Definitions -- References -- Further Reading -- The Grass Is Not Always Greener on the Other Side -- 1 Introduction -- 2 Happiness and Job Satisfaction -- 3 Don't Burn Your Bridges -- 4 Get a Mentor -- 5 Other Implications -- 6 The CISO Take -- Further Reading -- Let Not Any Outage Go to Waste -- 1 Introduction -- 2 Making the Case -- 3 Change Management -- 4 Operational Ownership -- 5 The CISO Take -- 6 Definitions -- References -- Further Reading -- If You Can't Hire Them, Then Develop Them -- 1 Introduction -- 2 Develop the Talent -- 2.1 Technology Aptitude -- 2.2 Flexibility -- 2.3 Business Domain Awareness -- 2.4 Mission Focus -- 2.5 Systems Thinking -- 2.6 Problem Solving -- 2.7 Collaboration -- 2.8 Expand the Net -- 2.9 Trust -- 3 Retention -- 3.1 Entry-Level -- 3.2 Mid-Level -- 3.3 Senior and Executive Level -- 4 The CISO Take -- Definitions -- Further Reading -- Should You Accept Counteroffers? -- 1 Introduction -- 2 General Advice and Comments -- 3 Advice to Employees -- 4 Advice to Managers -- 5 The Cybersecurity Skew -- 6 My Own Experience -- 7 The CISO Take -- Further Reading -- Importance of 1:1 Conversations -- 1 Introduction -- 2 Guidance -- 2.1 What Is Going Well? -- 2.2 What Is Not Going So Well? -- 2.3 Ask for Feedback -- 2.4 Give Feedback -- 2.5 Talk About Opportunities -- 2.6 Talk About Career Growth -- 2.7 Talk About Individual Development -- 2.8 Brainstorm Ideas -- 2.9 Skip Level Meetings -- 3 The CISO Take. |
Further Reading -- The Cyber Hygiene Mantra -- 1 Introduction -- 2 Recommendation -- 2.1 Identify and Patch All High/Medium Risk Vulnerabilities -- 2.2 Reduce Threat Surface -- 2.3 Perform Identity and Access Management -- 2.4 Enable Asset Protection -- 2.5 Perform User Training and Awareness -- 2.6 Setup a Certification and Accreditation (C&A) Program -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- Part III: Cybersecurity Prudence -- Cybersecurity Lessons from the Breach of Physical Security at US Capitol Building -- 1 Introduction -- 2 Best Practices -- 3 The CISO Take -- 4 Definitions -- References -- Further Reading -- Protect Society, the Commonwealth, and the Infrastructure - Post COVID-19 -- 1 Introduction -- 2 Technical Controls Required to Securely Work from Home, and Back -- 3 Number of Masks Required to Securely Go Back to Work -- 4 Virus Tracking (SARS-CoV-2) -- 5 The CISO Take -- 6 Definitions -- Further Reading -- Self-Service Recovery Options for Bricked Windows Devices -- 1 Introduction -- 2 Solutions -- 2.1 USB Boot Drive -- 2.2 Create a USB Recovery Drive, or Media (DVD or CD) -- 3 BSOD or Bricked? -- 3.1 USB Boot Drive -- 3.2 Recovery Drive -- 3.3 Prerequisites -- 4 Edge Cases -- 5 The CISO Take -- 6 Definitions -- References -- Further Reading -- Certification & Accreditation -- 1 Introduction -- 2 Making the Case -- 3 The Workflow Outline -- 3.1 Initiation Phase -- 3.2 Security Certification Phase -- 3.3 Security Accreditation Phase -- 3.4 Continuous Monitoring Phase -- 4 The CISO Take -- 5 Definitions -- References -- Further Reading -- Hack Back or Not? -- 1 Introduction -- 2 Genesis -- 3 What Is a Hack Back? -- 4 Security Issues and Impediments -- 4.1 Currency -- 4.2 Code Vulnerabilities -- 4.3 The Weak Link -- 4.4 Sophisticated Attackers -- 4.5 Lack of Defense Coordination. |
4.6 Hacking Tools -- 5 Making the Case -- 5.1 Hacker Identities Are Unknown -- 5.2 It May Be Illegal -- 5.3 Open Cyber-Warfare -- 5.4 Friendly Fire -- 5.5 Asset Retrieval -- 6 The CISO Take -- 7 Definitions -- References -- Further Reading -- CISOs Need Liability Protection -- 1 Making the Case -- 2 Liability Insurance -- 2.1 Verify Your Coverage -- 3 Employment Contracts -- 4 State Laws -- 5 Company Bylaws -- 6 The CISO Take -- 7 Definitions -- References -- Further Reading -- Enable Secure Work-From-Home -- 1 Making the Case -- 2 The CISO Take -- References -- Further Reading -- Postlude - Paying It Forward -- Index. |
Authorized title: | The CISO's Transformation |
ISBN: | 3-030-81412-2 |
Format: | Printed material |
Bibliographic level: | Monograph |
Language of publication: | English |
Record no.: | 9910506380403321 |
Held at: | Univ. Federico II |