book

The Cybersecurity Manager's Guide

Name: The Cybersecurity Manager's Guide
Author: Todd Barnum
ISBN: 9781492076216

by Todd Barnum

March 2021

Beginner

176 pages

4h 54m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Why I Wrote this Book
Conventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
1. The Odds Are Against You
Fact 1: Nobody Really CaresFact 2: Nobody UnderstandsFact 3: Fear Drives Our IndustryConclusion 1: It’s All Up to YouConclusion 2: You’ll Always Be Under-ResourcedConclusion 3: Being Successful Requires Thoughtful WorkConclusion
2. The Science of Our Business:The Eight Domains
Why Am I Commenting on the Eight Domains?Domain 1: Security and Risk ManagementIT Policies and ProceduresSecurity Governance PrinciplesRisk-Based Management ConceptsThe Other Areas in the First DomainDomain 2: Asset SecurityDomain 3: Security Engineering and ArchitectureDomain 4: Communications and Network SecurityDomain 5: Identity and Access ManagementDomain 6: Security Assessment and TestingDomain 7: Security OperationsDomain 8: Software Development SecurityConclusion
3. The Art of Our Business: The Seven Steps
The Sumo ApproachThe Judo ApproachThe Seven Steps to Engage Your OrganizationStep 1: Cultivate RelationshipsStep 2: Ensure AlignmentStep 3: Use the Four Cornerstones to Lay the Groundwork for Your ProgramStep 4: Create a Communications PlanStep 5: Give Your Job AwayStep 6: Build Your TeamStep 7: Measure What MattersConclusion
4. Step 1: Cultivate Relationships
Caution: The Nature of Our WorkMaking Relationships a Top PriorityYour Program Will Be Only as Good as Your RelationshipsRelationships Aren’t SexyHiring Staff with Relationships in MindBuilding Strong Relationships: It Takes a PlanUnderstanding the Value of ListeningReaping the Benefits of Relationships: TeamworkFostering Special RelationshipsLegalCorporate AuditCorporate SecurityHuman ResourcesConclusion
5. Step 2: Ensure Alignment
What I Mean by AlignmentChoosing Where to Start on AlignmentSeeing Alignment as the Starting PointDetermining Your Company’s Risk ProfileThe Ideal AlignmentUnderstanding Your Company’s Unique Risk ProfileCreating Alignment Through CouncilsSecurity business councilExtended security councilExecutive security councilRecognizing Signs of MisalignmentConclusion
6. Step 3: Use the Four Cornerstones to Lay the Foundation of Your Program
The Four CornerstonesCornerstone 1: DocumentationThe CharterInformation Security PolicySecurity Incident Response PlanTakeawaysCornerstone 2: GovernanceCornerstone 3: Security ArchitectureWhat Does Architecture Look Like?How to Put the Security Architecture TogetherWhat’s the Outcome of Developing the Security Architecture?Cornerstone 4: Communications, Education, and AwarenessThe Benefits of Training and Educating OthersConclusion
7. Step 4: Use Communications to Get the Message Out
What Is a Communications Program?Why Is a Communications Program So Important?Communications Within the InfoSec TeamThe Goal and Objectives of the Communications ProgramStarting Your Communications ProgramNot All Departments Require Equal Levels of CommunicationYour Team’s ResponsibilitiesCommunications at WorkExample 1: Training with Industry ExpertsExample 2: Collaborative Decision MakingExample 3: InfoSec Campus EventsSigns the Communications Plan Is WorkingConclusion
8. Step 5: Give Your Job Away...It’s Your Only Hope
Giving Your Job Away, a History LessonThe 1990sThe Early 2000sThe Late 2000s2010 to TodayUnderstanding Your ChallengeRelationships and the Neighborhood WatchThe Need for GovernanceUnderstanding the Risks to Giving Your Job AwayRisky Situation 1Risky Situation 2Risky Situation 3Working with Your New NeighborsHelpful Hints for Working with Other TeamsConclusion
9. Step 6: Organize Your InfoSec Team
Identifying the Type of Talent You’ll NeedManaging a Preexisting TeamWhere You Report in the Organization MattersWorking with the Infrastructure TeamDealing with Toxic Security LeadersTurning Around an InfoSec EnemyDefining Roles and Responsibilities of Team MembersConclusion

10. Step 7: Measure What Matters
Why Measure?Understanding What to MeasureRecognizing Policy ViolationsThe Mother of All Metrics: Phishing TestsSocial Engineering and Staff TrainingTechnology Versus TrainingConclusion
11. Working with the Audit Team
The Audit Team Needs Your Help to Be Effective in CybersecurityA Typical Encounter with Auditors When Not Guided by InfoSecPartnering with the Audit Team to Influence ChangeWhere Did Auditors Get Such License?Getting Value from an AuditConclusion
12. A Note to CISOs
Seeing the CISO as a Cultural Change AgentKeeping Your Sword SharpHiring TechiesUtilising LunchesFree Lunch FridaysLunches with Other CompaniesHolding Cybersecurity ConferencesMeeting with Other CISOsConclusion
Final Thoughts
Where to Go from HereConclusion
Index

Content preview from The Cybersecurity Manager's Guide

Chapter 6. Step 3: Use the Four Cornerstones to Lay the Foundation of Your Program

Step 1 focused on the value of relationships and getting to know your organization, its people, and culture. Step 2 was a necessary process of calibrating yourself to align with the company’s prevailing culture toward information security. Both steps are about getting to know others and making the internal adjustments within yourself to calibrate your approach to security, so that you can give your company the security department it wants from you.

This chapter covers the work of putting pen to paper and establishing what I like to refer to as the cornerstones upon which the early years of your program will be built. For steps 1, 2, and 3, you don’t need to hire anyone. All this work can be done by you alone.

The Four Cornerstones

With progress being made in steps 1 and 2, you can now turn to the actual work of building your cybersecurity program. There’s no time requirement for steps 1 and 2, so when you start on step 3 (the four cornerstones) will be dictated by your unique work situation. I do want to highlight that as you begin the work of the four cornerstones, you should never stop the work of building and maintaining relationships, and calibrating yourself to the company’s culture.

Let’s now look at these four cornerstones, the foundation of any InfoSec program:

Documentation
Governance structures
Security architecture
Communications

These four areas, along with relationships and alignment, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492076209Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Cybersecurity Manager's Guide

by Todd Barnum

Chapter 6. Step 3: Use the Four Cornerstones to Lay the Foundation of Your Program

The Four Cornerstones

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.