You are previewing Once More Unto the Breach: Managing information security in an uncertain world.
O'Reilly logo
Once More Unto the Breach: Managing information security in an uncertain world

Book Description

The role of the information security manager has changed. Have you? The challenges you face as an information security manager (ISM) have increased enormously since the first edition of Once more unto the breach was published. What seemed exceptional in 2011 is the norm in 2015: vulnerabilities have been experienced across all operating systems, millions of individuals have been affected by data breaches, and countless well-known companies have fallen victim to cyber attacks. It’s your duty to ensure that your organization isn’t next. The ISM’s information security responsibilities now cover all aspects of the organization and its operations, and relate to the security of information in all forms, locations, and transactions across the organization – and beyond. Topics covered include: Project management Physical security Password management Consumerization (BYOD) Audit log management Vulnerability management Cloud computing Incident reporting Penetration testing Linking information security with records management Privacy impact assessments Internal auditing In this revised edition of Once more unto the breach, Andrea C Simmons uses her extensive experience to provide an important insight into the changing role and responsibilities of the ISM, walking you through a typical ISM’s year and highlighting the challenges and pitfalls of an information security program. One of the key failures of security change management is that it is perceived as a project instead of a program, and is therefore mistakenly assumed to have an end. Once more unto the breach explains why information security is an ongoing process, using the role of project manager on a program of change to highlight the various incidents and issues that arise on an almost daily basis – and often go unnoticed. A major challenge for the ISM is achieving all-important buy-in from their colleagues. Once more unto the breach explains how to express the importance of the tasks you are undertaking in language that executive management will understand. You’ll also discover the importance of having a camera with you at all times. For too long, security has been seen as more of an inhibitor than an enabler. Once more unto the breach is an invaluable resource that will help you improve this perception, and achieve better overall information protection results as a result. About the author Andrea C Simmons is an information governance specialist with extensive experience in the private and public sectors. She has made significant contributions to the development of standards and industry research, and is currently working on a PhD in information assurance. She writes articles and blogs, and presents at conferences, seminars, and workshops. Andrea is a member of many professional bodies and has just been awarded Senior Member status by the Information Systems Security Association (ISSA). Buy this book and understand the latest challenges information security managers face.

Table of Contents

  1. Cover
  2. Once more unto the Breach
  3. Title Page
  4. Copy Page
  5. Preface
  6. About The Author
  7. Acknowledgements
  8. Contents
  9. Introduction
  10. Chapter 1: August: Pulling a team together
    1. It’s not a project
    2. Make friends and influence people
    3. There’s always a need for a ‘list’ (well, if it’s good enough for Santa Claus!)
    4. Project management
    5. Chapter summary
  11. Chapter 2: September: Street trash
    1. Introduction
    2. Incompatible software
    3. Remote workers
    4. User acceptance testing
    5. Physical security
    6. Password management
    7. Laptop management
    8. Chapter summary
  12. Chapter 3: October: Compliance may be only skin deep
    1. Introduction
    2. Information security policy
    3. Managing corporate antivirus
    4. Standard build and image
    5. Password management (again)
    6. Consumerisation
    7. Third-party management
    8. Audit log management
    9. Vulnerability management
    10. Cloud computing
    11. Project management
    12. Chapter summary
  13. Chapter 4: November: How remote is remote?
    1. Introduction
    2. Location, location, location
    3. Innovation, innovation, innovation
    4. Information labelling
    5. Lessons learnt
    6. Chapter summary
  14. Chapter 5: December: Oh, for the sake of yet another proposal
    1. Security improvement programme
    2. Fax management
    3. Image build again
    4. Physical security findings
    5. Physical security solution suggestions
    6. Other security tasks for this month
    7. Chapter summary
  15. Chapter 6: January: A battle won
    1. Baking security in
    2. Desktop refresh versus consumerisation
    3. Incident reporting
    4. Data-sharing protocols
    5. Linking InfoSec with records management
    6. Penetration testing results
    7. Back to physical security issues
    8. Reduce, reuse, recycle
    9. Other security tasks for this month
    10. Chapter summary
  16. Chapter 7: February: Money doesn’t buy happiness
    1. Divide and conquer?
    2. Remember the big picture
    3. Breadth of technological change
    4. Embracing data protection and privacy
    5. Other security tasks for this month
    6. Chapter summary
  17. Chapter 8: March: Slipping through the net
    1. The impact of politics
    2. Privacy impact assessments
    3. Managing a virus outbreak
    4. Other information security tasks this month
    5. Chapter summary
  18. Chapter 9: April: Linking InfoSec with InfoGov
    1. A linguistic journey to information governance
    2. How did we get here?
    3. Other security tasks for this month
    4. Chapter summary
  19. Chapter 10: May: Politics and management
    1. Situational political awareness
    2. Language and management challenges
    3. Other security tasks for this month
    4. Chapter summary
  20. Chapter 11: June: What the auditors shouldn’t know
    1. Internal audit has history
    2. Increasing and varied security incidents
    3. Security awareness theme
    4. Chapter summary
  21. Chapter 12: July: Journey’s end… and conclusion
    1. Returning to the lessons learnt
    2. The life of an information security manager
    3. Things I haven’t spent a lot of time on
    4. Closing thoughts
    5. And finally, be an active professional
  22. Appendix 1: Security Awareness Themes
  23. Appendix 2: ISM Activities
  24. Appendix 3: Resources
  25. ITG Resources