Once More unto the Breach

Book Description

Understand the role of Information Security Managers

Your responsibilities as an information security manager are critical. Advising on protecting the organisation's assets, security and data systems, not to mention its reputation, is in your hands. A major security breach could spell disaster.

The buck stops with you. Can you handle it?

In Once more unto the Breach, Andrea C Simmons speaks directly to information security managers and provides an insider's view of the role, offering priceless gems from her extensive experience and knowledge.

Based on a typical year in the life of an information security manager, the book examines how the general principles can be applied to all situations and discusses the lessons learnt from a real project.

Improve your organisation's security

One of the greatest challenges faced by an information security manager is convincing colleagues of the importance of following the necessary processes and procedures. As you walk through the year with Andrea, you will make significant inroads into improving your organisation's security as you:

  • think creatively in order to provide solutions to ongoing issues
  • create a workable information security policy
  • make friends with the right people in order to facilitate critical changes
  • pinpoint weaknesses and help your colleagues to see them through your eyes
  • improve physical security by helping others to take personal responsibility
  • learn strategies for the effective communication of key security messages in order to maximise use of the measures in place
  • appreciate how all this helps you to address the human factors and reduce your cyber risks – which are ultimately security risks
  • discover why it's essential to have a camera on you at all times!

The perfect reference guide for Information Security Managers

As well as being a practical learning tool, Once more unto the Breach is an invaluable ongoing reference guide, containing lots of practical advice to ensure that the routine tasks aren't overlooked. With many clear and comprehensive lists, this is a book that will never be out of reach of any effective information security manager.

The book that no information security manager can afford to be without!

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Preface
  5. About the Author
  6. Acknowledgements
  7. Contents
  8. Introduction
  9. Chapter 1: August: Pulling a team together
    1. It’s not a project
    2. Make friends and influence people
    3. There’s always a need for a ‘list’ (well, if it’s good enough for Santa Claus!)
    4. Project management
    5. Chapter summary
  10. Chapter 2: September: Street trash
    1. Introduction
    2. Incompatible software
    3. Remote workers
    4. User acceptance testing
    5. Physical security
    6. Password management
    7. Laptop management
    8. Chapter summary
  11. Chapter 3: October: Compliance may be only skin deep
    1. Introduction
    2. Information security policy
    3. Managing corporate anti-virus
    4. Standard build and image
    5. Password management (again)
    6. Consumerisation
    7. Third-party management
    8. Audit log management
    9. Vulnerability management
    10. Cloud Computing
    11. Project management
    12. Chapter summary
  12. Chapter 4: November: How remote is remote?
    1. Introduction
    2. Location, location, location
    3. Innovation, innovation, innovation
    4. Information labelling
    5. Lessons learnt
    6. Chapter summary
  13. Chapter 5: December: Oh, for the sake of yet another proposal
    1. Security improvement programme
    2. Fax management
    3. Image build again
    4. Physical security findings
    5. Physical security solution suggestions
    6. Other security tasks for this month
    7. Chapter summary
  14. Chapter 6: January: A battle won
    1. Baking security in
    2. Desktop refresh versus consumerisation
    3. Incident reporting
    4. Data-sharing protocols
    5. Linking InfoSec with records management
    6. Penetration testing results
    7. Back to physical security issues
    8. Reduce, reuse, recycle
    9. Other security tasks for this month
    10. Chapter summary
  15. Chapter 7: February: Money doesn’t buy happiness
    1. Divide and conquer?
    2. Remember the big picture
    3. Breadth of technological change
    4. Embracing data protection and privacy
    5. Other security tasks for this month
    6. Chapter summary
  16. Chapter 8: March: Slipping through the net
    1. The impact of politics
    2. Privacy impact assessments
    3. Managing a virus outbreak
    4. Other information security tasks this month
    5. Chapter summary
  17. Chapter 9: April: Linking InfoSec with InfoGov
    1. A linguistic journey to information governance
    2. How did we get here?
    3. Other security tasks for this month
    4. Chapter summary
  18. Chapter 10: May: Politics and management
    1. Situational political awareness
    2. Language and management challenges
    3. Other security tasks for this month
    4. Chapter summary
  19. Chapter 11: June: What the auditors shouldn’t know
    1. Internal audit has history
    2. Increasing and varied security incidents
    3. Security awareness theme
    4. Chapter summary
  20. Chapter 12: July: Journey’s end … and conclusion
    1. Returning to the lessons learnt
    2. The life of an information security manager
    3. Things I haven’t spent a lot of time on
    4. Closing thoughts
    5. And finally, be an active professional
  21. Appendix 1: Security Awareness Themes
  22. Appendix 2: ISM Activities
  23. Appendix 3: Resources
  24. ITG Resources