Information security teams are charged with developing and maintaining a set of documents that will protect the assets of an enterprise from constant threats and risks. In order for these safeguards and controls to be effective, they must suit the particular business needs of the enterprise. A guide for security professionals, Building an Eff

Addressing the diminished understanding of the value of security on the executive side and a lack of good business processes on the security side, Security Strategy: From Requirements to Reality explains how to select, develop, and deploy the security strategy best suited to your organization. It clarifies the purpose and place of strategy in an in

Information Security Policies Made Easy is the definitive resource tool for information security policies. Version 9 now includes an updated collection of 1250 + security policies and templates covering virtually every aspect of corporate security.

By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedure

Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. It enables an enterprise to architect, design, implement, and operate a coherent cybersecurity program that is seamlessly coordinated with policy, programmatics, IT life cycle, and assessment. Fail-safe cyberdefense is a pipe dream. Given sufficient time, an intelligent attacker can eventually defeat defensive measures protecting an enterprise’s computer systems and IT networks. To prevail, an enterprise cybersecurity program must manage risk by detecting attacks early enough and delaying them long enough that the defenders have time to respond effectively. Enterprise Cybersecurity shows players at all levels of responsibility how to unify their organization’s people, budgets, technologies, and processes into a cost-efficient cybersecurity program capable of countering advanced cyberattacks and containing damage in the event of a breach. The authors of Enterprise Cybersecurity explain at both strategic and tactical levels how to accomplish the mission of leading, designing, deploying, operating, managing, and supporting cybersecurity capabilities in an enterprise environment. The authors are recognized experts and thought leaders in this rapidly evolving field, drawing on decades of collective experience in cybersecurity and IT. In capacities ranging from executive strategist to systems architect to cybercombatant, Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam have fought on the front lines of cybersecurity against advanced persistent threats to government, military, and business entities.

Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 7 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay

Administrators, more technically savvy than their managers, have started to secure the networks in a way they see as appropriate. When management catches up to the notion that security is important, system administrators have already altered the goals and business practices. Although they may be grateful to these people for keeping the network secure, their efforts do not account for all assets and business requirements Finally, someone decides it is time to write a security policy. Management is told of the necessity of the policy document, and they support its development. A manager or administrator is assigned to the task and told to come up with something, and fast! Once security policies are written, they must be treated as living documents. As technology and business requirements change, the policy must be updated to reflect the new environment--at least one review per year. Additionally, policies must include provisions for security awareness and enforcement while not impeding corporate goals. This book serves as a guide to writing and maintaining these all-important security policies.