How do you engage with your peers when they think you're there to stop them working?
Corporate information security is often hindered by a lack of adequate communication between the security team and the rest of the organisation . Information security affects the whole company and is a responsibility shared by all staff, so failing to obtain wider acceptance can endanger the security of the entire organisation . Many consider information security a block, not a benefit, however, and view security professionals with suspicion if not outright hostility. As a security professional, how can you get broader buy-in from your colleagues?
Information Security: A Practical Guideaddresses that issue by providing an overview of basic information security practices that will enable your security team to better engage with their peers to address the threats facing the organisation as a whole.
Covering everything from your first day at work as an information security professional to developing and implementing enterprise-wide information security processes,Information Security: A Practical Guideexplains the basics of information security, and how to explain them to management and others so that security risks can be appropriately addressed.
Topics covered include:
How to understand the security culture of the organisationGetting to know the organisation and building relationships with key personnelHow to identify gaps in the organisation's security set-upThe impact of compromise on the organisationIdentifying, categorising and prioritising risksThe five levels of risk appetite and how to apply risk treatments via security controlsUnderstanding the threats facing your organisation and how to communicate themHow to raise security awareness and engage with specific peer groupsSystem mapping and documentation (including control boundaries and where risks exist)The importance of conducting regular penetration testing and what to do with the resultsInformation security policies and processesA standards-based approach to information security
If you're starting a new job as an information security professional,Information Security: A Practical Guidecontains all you need to know.
About the author
Tom Mooneyhas over 10 years' IT experience working with sensitive information. Currently HM Land Registry's information security risk advisor, where he works with project teams and the wider business to deliver key business systems securely, his key responsibility is to act as an intermediary between management and IT teams to ensure appropriate security controls are put in place. His extensive experience has led him to develop many skills and techniques to converse with people who are not technical or information security experts. Many of these are found in this book.
He has a BSc (Hons) in information and computer security, and is also a CESG certified professional.
Table of Contents
You are viewing the table of contents
You do not have access to this
on JSTOR. Try logging in through your institution for access.