The CISO role was previously characterized as a technical, IT-related role. This has drastically evolved, and nowadays the CISO/CSO role carries much wider responsibilities. This guide is structured at a high level, around the main considerations and the feedback from my own personal experience.
Other interesting reads are the ones below.
The most interesting book that I have found on the subject was indeed:
1/ Becoming a Global Chief Security Executive Officer
Becoming a Global Chief Security Executive Officer provides tangible, proven, and practical approaches to optimizing the security leader's ability to lead both today's and tomorrow's multidisciplined security, risk, and privacy function.
The need for well-trained and effective executives who focus on business security, risk, and privacy has increased exponentially, as the critical underpinnings of today's businesses rely more and more on their ability to ensure the effective operation and availability of business processes and technology.
Cyberattacks, e-crime, intellectual property theft, and global operations require sustainable security programs and operations led by executives who can not only adapt to today's requirements but also focus on the future.
The book provides foundational and practical methods for creating teams, organizations, services, and operations for today's and tomorrow's converged physical and information security program. It also teaches the principles of alignment to the business, risk management and mitigation strategies, and how to create momentum in the protection of business operations.
- Demonstrates how to develop a security program’s business mission
- Provides practical approaches to organizational design for immediate business impact utilizing the converged security model
- Offers insights into what a business, and its board, want, need, and expect from their security executives
- Covers the 5 Steps to Operational Effectiveness: Cybersecurity – Corporate Security – Operational Risk – Controls Assurance – Client Focus
- Provides templates and checklists for strategy design, program development, measurements and efficacy assurance
2/ Why CISOs Fail: The Missing Link in Security Management--and How to Fix It (Internal Audit and IT Audit), Oct 16, 2017
This book provides insight as to why and how current security management practices fail at their basic foundation, resulting in overall dissatisfaction by practitioners and lack of success in the corporate environment. The author examines the reasons and how to fix them. The resulting improvement is highly beneficial to any corporation that chooses to pursue this approach or strategy and from a bottom-line and business operations perspective, not just in technical operations. This book transforms the understanding of the role of the CISO, the selection process for a CISO, and the financial impact that security plays in any organization.
3/ The CISO Journey: Life Lessons and Concepts to Accelerate Your Professional Development (Internal Audit and IT Audit), Mar 16, 2017
The book takes readers through a series of security and risk discussions based on real-life experiences. While the experience story may not be technical, it will relate specifically to a value or skill critical to being a successful CISO. The core content is organized into ten major chapters, each relating to a "Rule of Information Security" developed through a career of real-life experiences. The elements are selected to accelerate the development of CISO skills critical to success. Each segment clearly calls out lessons learned and skills to be developed. The last segment of the book addresses presenting security to senior executives and board members, and provides sample content and materials.
4/ The CISO Handbook: A Practical Guide to Securing Your Company
The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company's environment.
The book is presented in chapters that follow a consistent methodology: Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures that meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common business constraints. Report focuses on communicating back to external and internal stakeholders with information that fits the various audiences.
Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.
5/ CISO Leadership: Essential Principles for Success
CISO Leadership: Essential Principles for Success captures years of hard knocks, success stories, and yes, failures. This is not a how-to book or a collection of technical data. It does not cover products or technology, nor does it recapitulate the common body of knowledge. The book delineates the information needed by security leaders and includes from-the-trenches advice on how to have a successful career in the field.
With a stellar panel of contributors including William H. Murray, Harry Demaio, James Christiansen, Randy Sanovic, Mike Corby, Howard Schmidt, and other thought leaders, the book brings together the collective experience of trailblazers. The authors have learned through experience (been there, done that, have the t-shirt) and yes, they have the scars. A glance through the contents demonstrates the breadth and depth of coverage, not only in the topics included but also in the expertise provided by the chapter authors. They are the pioneers who, while initially making it up as they went along, now provide the next generation of information security professionals with a guide to success.
Have a good read!
Disclaimer: Woman In Cyber is part of the associate program from Amazon, and others, and may earn advertising fees when you use our links to these websites. These fees will not increase your purchase price, which will be the same as any direct visitor to the merchant’s website.
All information is provided “as is.” While we try to provide accurate information, we make no claims, promises, or guarantees about the accuracy or completeness of the information provided by Woman In Cyber. Information provided by Woman In Cyber may be altered at any time without notice. Woman In Cyber disclaims any responsibility associated with the general information it provides on any of its pages.