
Building an Effective Cybersecurity Program, 2nd Edition

BUILD YOUR CYBERSECURITY PROGRAM WITH THIS COMPLETELY UPDATED GUIDE
Security practitioners now have a comprehensive blueprint to build their cybersecurity programs. Building an Effective Cybersecurity Program (2nd Edition) instructs security architects, security managers, and security engineers how to properly construct effective cybersecurity programs using contemporary architectures, frameworks, and models.
This comprehensive book is the result of the author’s professional experience and involvement in designing and deploying hundreds of cybersecurity programs. The extensive content

Recommended design approaches, Program structure, Cybersecurity technologies, Governance
Policies, Vulnerability, Threat and intelligence capabilities, Risk management, Defense-in-depth, DevSecOps, Service management, …and much more!
The book is presented as a practical roadmap detailing each step required for you to build your effective cybersecurity program. It also provides many design templates to assist in program builds and all chapters include self-study questions to gauge your progress.

With this new 2nd edition of this handbook, you can move forward confidently, trusting that Schreider is recommending the best components of a cybersecurity program for you. In addition, the book provides hundreds of citations and references that allow you to dig deeper as you explore specific topics relevant to your organization or your studies.

Whether you are a new manager or current manager involved in your organization’s cybersecurity program, this book will answer many questions you have on what is involved in building a program. You will be able to get up to speed quickly on program development practices and have a roadmap to follow in building or improving your organization’s cybersecurity program.

If you are new to cybersecurity, in the short period of time it will take you to read this book, you can be the smartest person in the room, grasping the complexities of your organization’s cybersecurity program. If you are a manager already involved in your organization’s cybersecurity program, you have much to gain from reading this book. This book will become your go-to field manual, guiding or affirming your program decisions.

406 pages, Kindle Edition

Published October 22, 2019


About the author

Tari Schreider

5 books, 2 followers

Ratings & Reviews


Community Reviews

5 stars: 2 (50%)
4 stars: 1 (25%)
3 stars: 0 (0%)
2 stars: 1 (25%)
1 star: 0 (0%)
Displaying 1 of 1 review
Ben Rothke
354 reviews, 51 followers
May 1, 2020
One of the best Gartner advisory documents ever written was The New CISO's Crucial First 100 Days by Christian Byrnes and Michael Corby. They write that a new chief information security officer (CISO), like any new manager, can expect a honeymoon period. But this period is likely to be very brief - typically the first 100 days or so. The new CISO must make the most of this critical period because it represents the first and sometimes the last opportunity to set the enterprise's security processes and technologies on an effective course.

Two of the key findings in the report are that most CISOs who fail do so because they do not meet business requirements and expectations, and don't effectively communicate how they have met the expectations, not because of technical or operational reasons. And that the successful CISO is primarily a leader, a manager, and a communicator, not a technologist.

The report does a fantastic job of laying out the foundations of how a CISO can be successful. But what happens on day 101? In Building an Effective Cybersecurity Program, author Tari Schreider has written a tactical guide that a CISO can use to take those core ideas of the first 100 days and put them into play to build out an effective information security program.

While the Gartner document is more conceptual, this book is thoroughly practical and pragmatic. In the seven chapters of the book:

1. Design a Cybersecurity Program
2. Establish a Foundation of Governance
3. Build a Threat, Vulnerability Detection, and Intelligence Capability
4. Build a Cyber Risk Management Capability
5. Implement a Defense-in-Depth Strategy
6. Apply Service Management to Cybersecurity Programs
7. Cybersecurity Program Design Toolkit

Schreider provides a detailed and real-world roadmap on how to create an effective information security program. He also brings his practical experience to every chapter, detailing what works and does not, the pros and cons of items suggested, and more.

Numerous templates are provided to assist in these build-outs. There does not seem to be an online portal to use these templates, which would have been quite helpful. It also lists products for each technology listed, which makes it helpful for the reader to know what is available.

While the book is geared to CISOs and security managers, it is of value to anyone tasked to build out an information security program. What makes the book so valuable is that it is light on theory and heavyweight on practical guidance.

Schreider has decades of information security and risk management experience in numerous environments and industries. He brings that experience to every chapter in this valuable guide.

There's no shortage of books with pages of theory, which is a good thing. But not enough with practical and hands-on advice. For those looking for a go-to guide to assist them in building out their information security program, Building an Effective Cybersecurity Program is just what they need.


