As organizations struggle to implement effective security measures, all too often they focus solely on the tangible elements, such as developing security policies or risk management implementations. While these items are very important, they are only half of the equation necessary to ensure security success. CISO Soft Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives presents tools that empower security practitioners to identify the intangible negative influencers of security that plague most organizations, and provides techniques to identify, minimize, and overcome these pitfalls. The book begins by explaining how using the wrong criteria to measure security can result in a claim of adequate security when objective assessment demonstrates this not to be the case. The authors instead recommend that organizations measure the success of their efforts using a practical approach that illustrates both the tangible and intangible requirements needed by a healthy security effort. The middle section discusses the root causes that negatively influence both a CISO and an organization’s ability to truly secure itself. These root causes These chapters explain what a CISO can do about these security constraints, providing numerous practical and actionable exercises, tools, and techniques to identify, limit, and compensate for the influence of security constraints in any type of organization. The final chapters discuss some proactive techniques that CISOs can utilize to effectively secure challenging work environments. Reflecting the experience and solutions of those that are in the trenches of modern organizations, this volume provides practical ideas that can make a difference in the daily lives of security practitioners.
Systematizes the core security challenges facing any security organization through the lens of political and human aspects. Given the nature of CISO's job and the main levers they can press, these lenses seem to be optimal to understand such systematic issues in security organizations.
There are also some interesting nuggets which are also spread across the book. Overall approachable and quite useful even after many years of it's publishing.