The Information Systems Security Officer's Guide, 3rd Edition

Book Description

The Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program, Third Edition, provides users with information on how to combat the ever-changing myriad of threats security professionals face. This entirely updated edition presents practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency, covering everything from effective communication to career guidance for the information security officer.

The book outlines how to implement a new plan or evaluate an existing one, and is especially targeted to those who are new to the topic. It is the definitive resource for learning the key characteristics of an effective information systems security officer (ISSO), and paints a comprehensive portrait of an ISSO's duties, their challenges, and working environments, from handling new technologies and threats, to performing information security duties in a national security environment.

  • Provides updated chapters that reflect the latest technological changes and advances in countering the latest information security threats and risks and how they relate to corporate security and crime investigation
  • Includes new topics, such as forensics labs and information warfare, as well as how to liaise with attorneys, law enforcement, and other agencies outside the organization
  • Written in an accessible, easy-to-read style

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. About the Author
  7. Preface
  8. Acknowledgments
  9. Introduction
  10. Section I. The Working Environment of the Cyber Security Officer
    1. Introduction
    2. Chapter 1. Understanding the Past and Present Cyber-Information World Environment
      1. Ah, the Good Ol’ Days!
      2. Global Information Infrastructure
      3. National Information Infrastructure
      4. How Did We Get from Adam to the Internet?
      5. Changing Criminal Justice Systems
      6. The Human Factor
      7. Summary
    3. Chapter 2. Understanding the Past and Present Global Business and Management Environment
      1. The Changing Business and Government Environments
      2. Understanding the Business Environment
      3. Management Responsibilities and Communicating with Management
      4. Creating a Competitive Advantage through a Cyber Security Program
      5. Service, Support, and a Business Orientation
      6. Business Managers and Cyber security
      7. What Company Managers Should Ask of Their Cyber Security Professionals
      8. What Cyber Security Professionals Should Do
      9. Questions to Consider
      10. Summary
    4. Chapter 3. An Overview of Related World Views of Cyber Security
      1. Evolution of Laws, Standards, Policies, and Procedures
      2. Global via the UN
      3. The EU
      4. Asia
      5. South America
      6. Africa
      7. Canada
      8. United States
      9. Summary
    5. Chapter 4. A Glimpse at the History of Technology
      1. What Is Technology?
      2. From Cave Man to Cyber Security Professional and Information Warrior
      3. Revolutions and Evolutions in High Technology
      4. From the Twentieth Century to Today: Technology and the Advent of High Technology
      5. The Internet
      6. The High-Technology-Driven Phenomenon
      7. Faster and More Massive High-Technology-Driven Communications
      8. The Beneficial Effect of Hacker Tools and Other Malicious Software on Network Security with Dual Roles as Cyber Security Tools
      9. Other High-Technology Tools in Cyber Security
      10. Welcome to the Twenty-First-Century Technology
      11. Summary
    6. Chapter 5. Understanding Today’s Threats in the Cyber Vapor—“War Stories” from the Front Lines
      1. Reported Digital Battlefield Attacks and Related Stories
      2. Summary
  11. Section II. The Duties and Responsibilities of a Cyber Security Officer
    1. Introduction
    2. Chapter 6. The Cyber Security Officer’s Position, Duties, and Responsibilities
      1. Introduction
      2. The Cyber Security Officer in a Global Corporation
      3. Cyber Security Officer Duties and Responsibilities
      4. Goals and Objectives
      5. Leadership Position
      6. Vision, Mission, and Quality Statements
      7. Cyber Security Principles
      8. Project and Risk Management Processes
      9. Cyber Security Officer and Organizational Responsibilities
      10. Summary
    3. Chapter 7. The Cyber Security Program’s Strategic, Tactical, and Annual Plans
      1. Introduction
      2. Corporate’s Cyber Security Strategic Plan
      3. Corporate’s Cyber Security Tactical Plan
      4. Cyber Security Annual Plan
      5. Questions to Consider
      6. Summary
    4. Chapter 8. Establishing a Cyber Security Program and Organization
      1. Introduction
      2. Corporate Cyber Security Program
      3. Cyber Security Officer Thought Process in Establishing the Cyber Security Organization
      4. Questions to Consider
      5. Summary
    5. Chapter 9. Determining and Establishing Cyber Security Functions
      1. Introduction
      2. Processes
      3. Valuing Information
      4. International Widget Corporation (IWC) Cyber Security Program Functions Process Development
      5. Cyber Security Officer’s Cyber Security Program Functions
      6. Access Control and Access Control Systems
      7. Evaluation of All Hardware, Firmware, and Software
      8. Risk Management Program
      9. Security Tests and Evaluations Program
      10. Noncompliance Inquiries
      11. Contingency and Emergency Planning and Disaster Recovery Program
      12. Questions to Consider
      13. Summary
    6. Chapter 10. Establishing a Metrics Management System
      1. Introduction
      2. Metrics 1: Cyber Security Program Level of Effort Drivers—Number of Users
      3. Examples of Other Metrics Charts
      4. Project Management
      5. Questions to Consider
      6. Summary
    7. Chapter 11. Annual Reevaluation and Future Plans
      1. Introduction
      2. One-Year Review
      3. Cyber Security Program Strategic, Tactical, and Annual Plans
      4. Linking Cyber Security Program Accomplishments to Corporate Goals
      5. Metrics Analysis
      6. Planning for Next Year
      7. Questions to Consider
      8. Summary
    8. Chapter 12. High-Technology Crimes Investigative Support
      1. Introduction
      2. Duties and Responsibilities of a Cyber Security Officer in Deterring High-Technology Crimes
      3. Assisting with Computer Forensics Support
      4. Dealing with Law Enforcement
      5. Questions to Consider
      6. Summary
  12. Section III. The Global, Professional, and Personal Challenges of a Cyber Security Officer
    1. Introduction
    2. Chapter 13. Introduction to Global Information Warfare
      1. The Possibilities
      2. Introduction to Warfare
      3. Four Generations of Warfare
      4. Introduction to Global Information Warfare
      5. Information Warfare Will Hit You in Your Pocketbook
      6. Business Is War
      7. IW Broadly Encompasses Many Levels and Functions
      8. What IW Is … and Is Not
      9. Being Prepared-Bad Things Will Happen
      10. The Possible Breakdowns in an Information Environment
      11. Going beyond Three Blind Men Describing an Elephant: Information Warfare Terms of Reference
      12. Information Warfare Is a Powerful Approach for Attaining and Maintaining a Competitive Advantage
      13. How to Use IW to Achieve Goals and Objectives
      14. Coherent Knowledge-Based Operations
      15. Network-Centric Business
      16. Knowledge Management
      17. Summary
      18. Note
    3. Chapter 14. The Cyber Security Officer and Privacy, Ethical, and Liability Issues
      1. Introduction to Privacy Issues
      2. Introduction to Ethics Issues
      3. Codes of Ethics
      4. Corporate Ethics, Standards of Conduct, Business Practices, and Corporate Values
      5. Liability Issues
      6. Questions to Consider
      7. Summary
    4. Chapter 15. A Career as a Cyber Security Officer
      1. Introduction
      2. The Cyber Security Officer’s Career Development Program
      3. Education
      4. Questions
      5. Summary
    5. Chapter 16. A Look at the Possible Future
      1. Surviving into the Future
      2. New Old Approach to Security—Defensive Approach
      3. The Changing Environment
      4. The Need for Enlightened and Dedicated Leadership
      5. Global Trends
      6. Offensive–Defensive Cyber Attacks
      7. The Future of the Internet
      8. Questions
      9. Summary
  13. Index