Rethinking InfoSec

Rethinking InfoSec PDF Author: Greg van der Gaast
Publisher:
ISBN:
Category :
Languages : en
Pages : 240

Get Book Here

Book Description
As one review on cybersecurity-professionals.com sums up:"If you are ready to make a fundamental change to the way you operate, that will save you money yet allow you to achieve so much more, this book is a must read!"Information Security spending is skyrocketing, both in absolute terms and as a percentage of IT spending. It seems the only thing increasing faster is the frequency and impact of breaches. It doesn't seem like the current approach is working very well, does it? Interestingly, the bulk of large breaches is caused by simple issues for which we've had the answers for decades, yet no one spotted. The answer, according to the nearly $250bn Information Security industry, is to spend more on technologies and services. Is it perhaps time to take a step back, shed our indoctrination, and have a fresh look at things?Greg van der Gaast started as one of the most notorious hackers of the late 1990's. He is now the Head of Information Security for the University of Salford, Managing Director of InfoSec Strategy consultancy CMCG, and a university lecturer and private trainer in Information Security leadership. He also is a frequent speaker on making security more human, accountable, and proactive. A candid critic of the security status quo, he is considered a nutter by many in the field. Conversely, he's lost count of how many management teams have told him he was the first security guy to ever make sense to them. Who's crazy? You decide.Rethinking InfoSec presents views on what causes many of today's issues and costs and thoughts on how we can create a lot more assurance with far, far less.Some of the topics covered:-Strategically implement effective InfoSec programmes.-Boost business alignment, collaboration, and buy-in.-Simplify and achieve assurance and compliance.-Ensure holistic coverage.-Avoid costly reactive approaches.-Reduce issues through proactivity.-Establish brand and influence.-Structure teams for maximum effectiveness.-Leverage human potential.Reduce information security pressure, stress, and spending, all while increasing assurance and reward. We can do better, lets.

Rethinking InfoSec

Rethinking InfoSec PDF Author: Greg van der Gaast
Publisher:
ISBN:
Category :
Languages : en
Pages : 240

Get Book Here

Book Description
As one review on cybersecurity-professionals.com sums up:"If you are ready to make a fundamental change to the way you operate, that will save you money yet allow you to achieve so much more, this book is a must read!"Information Security spending is skyrocketing, both in absolute terms and as a percentage of IT spending. It seems the only thing increasing faster is the frequency and impact of breaches. It doesn't seem like the current approach is working very well, does it? Interestingly, the bulk of large breaches is caused by simple issues for which we've had the answers for decades, yet no one spotted. The answer, according to the nearly $250bn Information Security industry, is to spend more on technologies and services. Is it perhaps time to take a step back, shed our indoctrination, and have a fresh look at things?Greg van der Gaast started as one of the most notorious hackers of the late 1990's. He is now the Head of Information Security for the University of Salford, Managing Director of InfoSec Strategy consultancy CMCG, and a university lecturer and private trainer in Information Security leadership. He also is a frequent speaker on making security more human, accountable, and proactive. A candid critic of the security status quo, he is considered a nutter by many in the field. Conversely, he's lost count of how many management teams have told him he was the first security guy to ever make sense to them. Who's crazy? You decide.Rethinking InfoSec presents views on what causes many of today's issues and costs and thoughts on how we can create a lot more assurance with far, far less.Some of the topics covered:-Strategically implement effective InfoSec programmes.-Boost business alignment, collaboration, and buy-in.-Simplify and achieve assurance and compliance.-Ensure holistic coverage.-Avoid costly reactive approaches.-Reduce issues through proactivity.-Establish brand and influence.-Structure teams for maximum effectiveness.-Leverage human potential.Reduce information security pressure, stress, and spending, all while increasing assurance and reward. We can do better, lets.

Re-Thinking the Human Factor

Re-Thinking the Human Factor PDF Author: Bruce Hallas
Publisher:
ISBN: 9781999695514
Category :
Languages : en
Pages : 148

Get Book Here

Book Description
In 'Rethinking the Human Factor', information security expert, Bruce Hallas sets out a new philosophical approach. Rather than creating a separate security culture, Hallas' focus is on how to make risk mitigation an unconscious 'habit' that's embedded within the organisation.

GDPR For Dummies

GDPR For Dummies PDF Author: Suzanne Dibble
Publisher: John Wiley & Sons
ISBN: 1119546176
Category : Business & Economics
Languages : en
Pages : 527

Get Book Here

Book Description
Don’t be afraid of the GDPR wolf! How can your business easily comply with the new data protection and privacy laws and avoid fines of up to $27M? GDPR For Dummies sets out in simple steps how small business owners can comply with the complex General Data Protection Regulations (GDPR). These regulations apply to all businesses established in the EU and to businesses established outside of the EU insofar as they process personal data about people within the EU. Inside, you’ll discover how GDPR applies to your business in the context of marketing, employment, providing your services, and using service providers. Learn how to avoid fines, regulatory investigations, customer complaints, and brand damage, while gaining a competitive advantage and increasing customer loyalty by putting privacy at the heart of your business. Find out what constitutes personal data and special category data Gain consent for online and offline marketing Put your Privacy Policy in place Report a data breach before being fined 79% of U.S. businesses haven’t figured out how they’ll report breaches in a timely fashion, provide customers the right to be forgotten, conduct privacy impact assessments, and more. If you are one of those businesses that hasn't put a plan in place, then GDPR For Dummies is for you.

Information Security

Information Security PDF Author: Seymour Goodman
Publisher: Routledge
ISBN: 1315288672
Category : Business & Economics
Languages : en
Pages : 331

Get Book Here

Book Description
Information security is everyone's concern. The way we live is underwritten by information system infrastructures, most notably the Internet. The functioning of our business organizations, the management of our supply chains, and the operation of our governments depend on the secure flow of information. In an organizational environment information security is a never-ending process of protecting information and the systems that produce it.This volume in the "Advances in Management Information Systems" series covers the managerial landscape of information security. It deals with how organizations and nations organize their information security policies and efforts. The book covers how to strategize and implement security with a special focus on emerging technologies. It highlights the wealth of security technologies, and also indicates that the problem is not a lack of technology but rather its intelligent application.

Handbook of Information Security, Information Warfare, Social, Legal, and International Issues and Security Foundations

Handbook of Information Security, Information Warfare, Social, Legal, and International Issues and Security Foundations PDF Author: Hossein Bidgoli
Publisher: John Wiley & Sons
ISBN: 0470051205
Category : Business & Economics
Languages : en
Pages : 1008

Get Book Here

Book Description
The Handbook of Information Security is a definitive 3-volume handbook that offers coverage of both established and cutting-edge theories and developments on information and computer security. The text contains 180 articles from over 200 leading experts, providing the benchmark resource for information security, network security, information privacy, and information warfare.

Managing Risk and Information Security

Managing Risk and Information Security PDF Author: Malcolm Harkins
Publisher: Apress
ISBN: 143025114X
Category : Computers
Languages : en
Pages : 145

Get Book Here

Book Description
Managing Risk and Information Security: Protect to Enable, an ApressOpen title, describes the changing risk environment and why a fresh approach to information security is needed. Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context. Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies. The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be. We are attacked by professional adversaries who are better funded than we will ever be. We in the information security profession must change as dramatically as the environment we protect. We need new skills and new strategies to do our jobs effectively. We literally need to change the way we think. Written by one of the best in the business, Managing Risk and Information Security challenges traditional security theory with clear examples of the need for change. It also provides expert advice on how to dramatically increase the success of your security strategy and methods – from dealing with the misperception of risk to how to become a Z-shaped CISO. Managing Risk and Information Security is the ultimate treatise on how to deliver effective security to the world we live in for the next 10 years. It is absolute must reading for anyone in our profession – and should be on the desk of every CISO in the world.” Dave Cullinane, CISSP CEO Security Starfish, LLC “In this overview, Malcolm Harkins delivers an insightful survey of the trends, threats, and tactics shaping information risk and security. From regulatory compliance to psychology to the changing threat context, this work provides a compelling introduction to an important topic and trains helpful attention on the effects of changing technology and management practices.” Dr. Mariano-Florentino Cuéllar Professor, Stanford Law School Co-Director, Stanford Center for International Security and Cooperation (CISAC), Stanford University “Malcolm Harkins gets it. In his new book Malcolm outlines the major forces changing the information security risk landscape from a big picture perspective, and then goes on to offer effective methods of managing that risk from a practitioner's viewpoint. The combination makes this book unique and a must read for anyone interested in IT risk." Dennis Devlin AVP, Information Security and Compliance, The George Washington University “Managing Risk and Information Security is the first-to-read, must-read book on information security for C-Suite executives. It is accessible, understandable and actionable. No sky-is-falling scare tactics, no techno-babble – just straight talk about a critically important subject. There is no better primer on the economics, ergonomics and psycho-behaviourals of security than this.” Thornton May, Futurist, Executive Director & Dean, IT Leadership Academy “Managing Risk and Information Security is a wake-up call for information security executives and a ray of light for business leaders. It equips organizations with the knowledge required to transform their security programs from a “culture of no” to one focused on agility, value and competitiveness. Unlike other publications, Malcolm provides clear and immediately applicable solutions to optimally balance the frequently opposing needs of risk reduction and business growth. This book should be required reading for anyone currently serving in, or seeking to achieve, the role of Chief Information Security Officer.” Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, VISA “For too many years, business and security – either real or imagined – were at odds. In Managing Risk and Information Security: Protect to Enable, you get what you expect – real life practical ways to break logjams, have security actually enable business, and marries security architecture and business architecture. Why this book? It's written by a practitioner, and not just any practitioner, one of the leading minds in Security today.” John Stewart, Chief Security Officer, Cisco “This book is an invaluable guide to help security professionals address risk in new ways in this alarmingly fast changing environment. Packed with examples which makes it a pleasure to read, the book captures practical ways a forward thinking CISO can turn information security into a competitive advantage for their business. This book provides a new framework for managing risk in an entertaining and thought provoking way. This will change the way security professionals work with their business leaders, and help get products to market faster. The 6 irrefutable laws of information security should be on a stone plaque on the desk of every security professional.” Steven Proctor, VP, Audit & Risk Management, Flextronics

A Vulnerable System

A Vulnerable System PDF Author: Andrew J. Stewart
Publisher: Cornell University Press
ISBN: 1501759043
Category : Computers
Languages : en
Pages : 310

Get Book Here

Book Description
As threats to the security of information pervade the fabric of everyday life, A Vulnerable System describes how, even as the demand for information security increases, the needs of society are not being met. The result is that the confidentiality of our personal data, the integrity of our elections, and the stability of foreign relations between countries are increasingly at risk. Andrew J. Stewart convincingly shows that emergency software patches and new security products cannot provide the solution to threats such as computer hacking, viruses, software vulnerabilities, and electronic spying. Profound underlying structural problems must first be understood, confronted, and then addressed. A Vulnerable System delivers a long view of the history of information security, beginning with the creation of the first digital computers during the Cold War. From the key institutions of the so-called military industrial complex in the 1950s to Silicon Valley start-ups in the 2020s, the relentless pursuit of new technologies has come at great cost. The absence of knowledge regarding the history of information security has caused the lessons of the past to be forsaken for the novelty of the present, and has led us to be collectively unable to meet the needs of the current day. From the very beginning of the information age, claims of secure systems have been crushed by practical reality. The myriad risks to technology, Stewart reveals, cannot be addressed without first understanding how we arrived at this moment. A Vulnerable System is an enlightening and sobering history of a topic that affects crucial aspects of our lives.

Information security: Setting the boardroon agenda

Information security: Setting the boardroon agenda PDF Author:
Publisher: Grist Ltd
ISBN: 0954279913
Category :
Languages : en
Pages : 61

Get Book Here

Book Description


Information Security Management Handbook, Fourth Edition

Information Security Management Handbook, Fourth Edition PDF Author: Harold F. Tipton
Publisher: CRC Press
ISBN: 0849311276
Category : Computers
Languages : en
Pages : 848

Get Book Here

Book Description
Whether you are active in security management or studying for the CISSP exam, you need accurate information you can trust. A practical reference and study guide, Information Security Management Handbook, Fourth Edition, Volume 3 prepares you not only for the CISSP exam, but also for your work as a professional. From cover to cover the book gives you the information you need to understand the exam's core subjects. Providing an overview of the information security arena, each chapter presents a wealth of technical detail. The changes in the technology of information security and the increasing threats to security from open systems make a complete and up-to-date understanding of this material essential. Volume 3 supplements the information in the earlier volumes of this handbook, updating it and keeping it current. There is no duplication of material between any of the three volumes. Because the knowledge required to master information security - the Common Body of Knowledge (CBK) - is growing so quickly, it requires frequent updates. As a study guide or resource that you can use on the job, Information Security Management Handbook, Fourth Edition, Volume 3 is the book you will refer to over and over again.

Information Security in Diverse Computing Environments

Information Security in Diverse Computing Environments PDF Author: Kayem, Anne
Publisher: IGI Global
ISBN: 1466661593
Category : Computers
Languages : en
Pages : 380

Get Book Here

Book Description
"This book provides the latest empirical research and theoretical frameworks in the area of information security, presenting research on developing sufficient security measures for new environments by discussing challenges faced by researchers as well as unconventional solutions to these problems"--Provided by publisher.