CHAPTER 6: THE INFORMATION SECURITY MANAGEMENT SYSTEM

The problem is never how to get new, innovative ideas into your mind, but how to get the old ones out.

Dee Hock, Creator of VISA

In spite of the views of many CISOs, securing an organization’s information assets has never really been just about implementing technical security controls. The role of the traditional CISO within the typical IT department can play only a small part in solving the information security challenge. Implementing technical security controls defined by the CISO is only a part of the larger issue of risk management. Today’s CISO needs to adopt, promote and lead the implementation of an Information Security Management System designed to protect the organization’s information ...

Get The Chief Information Security Officer: Insights, tools and survival skills now with the O’Reilly learning platform.
