book

The Information Systems Security Officer's Guide, 3rd Edition

Name: The Information Systems Security Officer's Guide, 3rd Edition
Author: Gerald L. Kovacich
ISBN: 9780128023792

by Gerald L. Kovacich

January 2016

Beginner

360 pages

10h 7m

English

Butterworth-Heinemann

Read now

Unlock full access

Cover image
Title page
Table of Contents
Copyright
Dedication
About the Author
Preface
Acknowledgments
Introduction
Section I. The Working Environment of the Cyber Security Officer

Introduction
Chapter 1. Understanding the Past and Present Cyber-Information World Environment
Ah, the Good Ol’ Days!Global Information InfrastructureNational Information InfrastructureHow Did We Get from Adam to the Internet?Changing Criminal Justice SystemsThe Human FactorSummary
Chapter 2. Understanding the Past and Present Global Business and Management Environment
The Changing Business and Government EnvironmentsUnderstanding the Business EnvironmentManagement Responsibilities and Communicating with ManagementCreating a Competitive Advantage through a Cyber Security ProgramService, Support, and a Business OrientationBusiness Managers and Cyber securityWhat Company Managers Should Ask of Their Cyber Security ProfessionalsWhat Cyber Security Professionals Should DoQuestions to ConsiderSummary
Chapter 3. An Overview of Related World Views of Cyber Security
Evolution of Laws, Standards, Policies, and ProceduresGlobal via the UNThe EUAsiaSouth AmericaAfricaCanadaUnited StatesSummary
Chapter 4. A Glimpse at the History of Technology
What Is Technology?From Cave Man to Cyber Security Professional and Information WarriorRevolutions and Evolutions in High TechnologyFrom the Twentieth Century to Today: Technology and the Advent of High TechnologyThe InternetThe High-Technology-Driven PhenomenonFaster and More Massive High-Technology-Driven CommunicationsThe Beneficial Effect of Hacker Tools and Other Malicious Software on Network Security with Dual Roles as Cyber Security ToolsOther High-Technology Tools in Cyber SecurityWelcome to the Twenty-First-Century TechnologySummary
Chapter 5. Understanding Today’s Threats in the Cyber Vapor—“War Stories” from the Front Lines
Reported Digital Battlefield Attacks and Related StoriesSummary
Section II. The Duties and Responsibilities of a Cyber Security Officer
Introduction
Chapter 6. The Cyber Security Officer’s Position, Duties, and Responsibilities
IntroductionThe Cyber Security Officer in a Global CorporationCyber Security Officer Duties and ResponsibilitiesGoals and ObjectivesLeadership PositionVision, Mission, and Quality StatementsCyber Security PrinciplesProject and Risk Management ProcessesCyber Security Officer and Organizational ResponsibilitiesSummary
Chapter 7. The Cyber Security Program’s Strategic, Tactical, and Annual Plans
IntroductionCorporate’s Cyber Security Strategic PlanCorporate’s Cyber Security Tactical PlanCyber Security Annual PlanQuestions to ConsiderSummary
Chapter 8. Establishing a Cyber Security Program and Organization
IntroductionCorporate Cyber Security ProgramCyber Security Officer Thought Process in Establishing the Cyber Security OrganizationQuestions to ConsiderSummary
Chapter 9. Determining and Establishing Cyber Security Functions
IntroductionProcessesValuing InformationInternational Widget Corporation (IWC) Cyber Security Program Functions Process DevelopmentCyber Security Officer’s Cyber Security Program FunctionsAccess Control and Access Control SystemsEvaluation of All Hardware, Firmware, and SoftwareRisk Management ProgramSecurity Tests and Evaluations ProgramNoncompliance InquiriesContingency and Emergency Planning and Disaster Recovery ProgramQuestions to ConsiderSummary
Chapter 10. Establishing a Metrics Management System
IntroductionMetrics 1: Cyber Security Program Level of Effort Drivers—Number of UsersExamples of Other Metrics ChartsProject ManagementQuestions to ConsiderSummary
Chapter 11. Annual Reevaluation and Future Plans
IntroductionOne-Year ReviewCyber Security Program Strategic, Tactical, and Annual PlansLinking Cyber Security Program Accomplishments to Corporate GoalsMetrics AnalysisPlanning for Next YearQuestions to ConsiderSummary
Chapter 12. High-Technology Crimes Investigative Support
IntroductionDuties and Responsibilities of a Cyber Security Officer in Deterring High-Technology CrimesAssisting with Computer Forensics SupportDealing with Law EnforcementQuestions to ConsiderSummary
Section III. The Global, Professional, and Personal Challenges of a Cyber Security Officer
Introduction
Chapter 13. Introduction to Global Information Warfare
The PossibilitiesIntroduction to WarfareFour Generations of WarfareIntroduction to Global Information WarfareInformation Warfare Will Hit You in Your PocketbookBusiness Is WarIW Broadly Encompasses Many Levels and FunctionsWhat IW Is … and Is NotBeing Prepared-Bad Things Will HappenThe Possible Breakdowns in an Information EnvironmentGoing beyond Three Blind Men Describing an Elephant: Information Warfare Terms of ReferenceInformation Warfare Is a Powerful Approach for Attaining and Maintaining a Competitive AdvantageHow to Use IW to Achieve Goals and ObjectivesCoherent Knowledge-Based OperationsNetwork-Centric BusinessKnowledge ManagementSummaryNote
Chapter 14. The Cyber Security Officer and Privacy, Ethical, and Liability Issues
Introduction to Privacy IssuesIntroduction to Ethics IssuesCodes of EthicsCorporate Ethics, Standards of Conduct, Business Practices, and Corporate ValuesLiability IssuesQuestions to ConsiderSummary
Chapter 15. A Career as a Cyber Security Officer
IntroductionThe Cyber Security Officer’s Career Development ProgramEducationQuestionsSummary
Chapter 16. A Look at the Possible Future
Surviving into the FutureNew Old Approach to Security—Defensive ApproachThe Changing EnvironmentThe Need for Enlightened and Dedicated LeadershipGlobal TrendsOffensive–Defensive Cyber AttacksThe Future of the InternetQuestionsSummary
Index

Content preview from The Information Systems Security Officer's Guide, 3rd Edition

Chapter 8

Establishing a Cyber Security Program and Organization

Abstract

The objective of this chapter is to describe how to establish a corporate cyber security program and its associated organization. A “what-if” approach is used in which a corporate security officer is shown to act in a certain way based on what is required of him or her by corporation in which that person is employed, using a fictional corporate environment.

Keywords

Corporate cyber security program; Corporate information officer (CIO); Corporation overall policy document; Formal project management techniques; Information environment (IE); Off-site cyber security program; Strategic business plan (SBP); Tactical business plan (TBP)

We trained hard, but it seemed every time we were ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Computer and Information Security Handbook, 3rd Edition

Publisher Resources

ISBN: 9780128023792

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Information Systems Security Officer's Guide, 3rd Edition

by Gerald L. Kovacich

Establishing a Cyber Security Program and Organization