Tari Schreider, a board-certified information security practitioner with a criminal justice administration background, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity law. He says, “My nearly 40 years in the fields of cybersecurity, risk management, and disaster recovery have taught me some immutable truths. One of these truths is that failure to consider the law when developing a cybersecurity program results in a protective façade or false sense of security.”
In a friendly style, offering real-world business examples from his own experience supported by a wealth of court cases, Schreider covers the range of practical information you will need as you explore – and prepare to apply – cybersecurity law. His practical, easy-to-understand explanations help you to:
Schreider takes you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and legal jurisdictions. Hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies. This book needs to be required reading before your next discussion with your corporate legal department.
Tari Schreider, SSCP, CISM, C|CISO, ITIL Foundation, is a distinguished technologist and nationally known expert in the fields of cybersecurity, risk management, and disaster recovery. Co-founder of Prescriptive Risk Solutions, LLC (PRS), he is former Chief Security Architect at Hewlett-Packard Enterprise. PRS designs custom solutions for companies with challenging legal and regulatory compliance issues that need to be solved quickly. PRS maintains one of the world’s largest databases of security and disaster recovery incidents with nearly 12,000 incidents covering 10.6 billion compromised records.
Mr. Schreider has designed and implemented complex cybersecurity programs including a red team penetration testing program for one of the largest oil and gas companies in the world, an NERC CIP compliance program for one of Canada’s largest electric utility companies, and an integrated security control management program for one of the US’ largest 911 systems. He has advised organizations from China to India on how to improve their cybersecurity programs through his Information Security Service Management – Reference Model (ISSM-RM). Schreider implemented a virtual Security Operations Center network with vSOCs located in the US, Brazil, Italy, Japan, Sweden, and the US. He was also responsible for creating the first Information Sharing and Analysis Center in collaboration with the Information Technology Association of America (IT-ISCA). His earliest disaster recovery experiences included assisting companies affected by the 1992 Los Angeles Rodney King Riots, and 1993 World Trade Center bombing. His unique experience came during the 1990 Gulf War, helping a New York financial institution recover after becoming separated from its data center in Kuwait.
Schreider has appeared on ABC News, CNN, CNBC, NPR, and has had numerous articles printed in security and business magazines including Business Week, New York Times, SC Magazine, The Wall Street Journal, and many others.
He studied Criminal Justice at the College of Social & Behavioral Sciences at the University of Phoenix and holds the following certifications in security and disaster recovery:• American College of Forensic Examiners, CHS-III • Certified CISO (C|CISO) • Certified Information Security Manager (CISM) • ITILTM v3 Foundation Certified • System Security Certified Practitioner (SSCP) • The Business Continuity Institute, MBCI • University of Richmond – Master Certified Recovery Planner (MCRP)
Kristen Noakes-Fry, ABCI, is Executive Editor at Rothstein Publishing. Previously, she was a Research Director, Information Security and Risk Group, for Gartner, Inc.; Associate Editor at Datapro (McGraw- Hill); and Associate Professor of English at Atlantic Cape College in New Jersey. She holds an M.A. from New York University and a B.A. from Russell Sage College.
In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM):
“Enterprise security risk management is the application of fundamental risk principles to manage all security risks − whether information, cyber, physical security, asset management, or business continuity − in a comprehensive, holistic, all-encompassing approach.”
In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to:Differentiate between traditional, task-based management and strategic, risk-based management. See how adopting ESRM can lead to a more successful security program overall and enhance your own career. . Prepare your security organization to adopt an ESRM methodology. . Analyze and communicate risks and their root causes to all appropriate parties. . Identify what elements are necessary for long-term success of your ESRM program. . Ensure the proper governance of the security function in your enterprise. . Explain the value of security and ESRM to executives using useful metrics and reports. .
Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome any blocks to acceptance as you design and roll out a new ESRM-based security program for your own workplace.
Your challenge is to maintain a good and effective plan in the face of changing circumstances and limited budgets. If your situation is like that in most companies, you really cannot depend on the results of last year’s test or exercise of the plan. People tend to forget, lose confidence, lose interest, or even be replaced by other people who were not involved in your original planning. Jim Burtles explains:
“You cannot have any real confidence in your plans and procedures until they have been fully tested...Exercises are the only way we can be sure that the people will be able to interpret the plans and procedures correctly within the requisite timeframe under difficult circumstances.”
As you do your job in this constantly shifting context, Jim Burtles helps you to: • Differentiate between an “exercise” and a “test” – and see the value of each in your BC program. • Understand the different types of plans and identify the people who need to be involved in exercises and tests for each. • Use the “Five-Stage Growth Path” – from desktop to walkthrough to full-scale exercise -- to conduct gradual testing, educate personnel, foster capability, and build confidence. • Create a variety of unusual scenario plot-lines that will keep up everyone’s interest. • Identify the eight main elements in developing and delivering a successful BC exercise. • Select and prepare a “delivery team” and a “response team” for your exercise. • Make sure everyone understands the “rules of engagement.” • Use the lessons learned from exercises and tests to audit, update, and maintain the plan.
You are well aware that a host of problems may crop up in any kind of company-wide project. These problems can range from basic logistics like time and place, to non-support from executives and managers, to absenteeism, to the weather, to participants forgetting their lines. Throughout the book, Burtles uses his decades of experience working with companies like yours to give you useful examples, case studies, and down-to-earth advice to help you handle the unexpected and work toward the results you are looking for.
After years of working with the traditional practices of business continuity (BC) – in project management, higher education, contingency planning, and disaster recovery – David Lindstedt and Mark Armour identified unworkable areas in many core practices of traditional BC. To address these issues, they created nine Adaptive BC principles, the foundation of this book:Deliver continuous value. Document only for mnemonics. Engage at many levels within the organization. Exercise for improvement, not for testing. Learn the business. Measure and benchmark. Obtain incremental direction from leadership. Omit the risk assessment and business impact analysis. Prepare for effects, not causes.
Adaptive Business Continuity: A New Approach uses the analogy of rebuilding a house. After the initial design, the first step is to identify and remove all the things not needed in the new house. Thus, the first chapter is “Demolition” – not to get rid of the entire BC enterprise, but to remove certain BC activities and products to provide the space to install something new. The stages continue through foundation, framework, and finishing. Finally, the last chapter is “Dwelling,” permitting you a glimpse of what it might be like to live in this new home that has been created.
Through a wealth of examples, diagrams, and real-world case studies, Lindstedt and Armour show you how you can execute the Adaptive BC framework in your own organization. You will:Recognize specific practices in traditional BC that may be problematic, outdated, or ineffective. Identify specific activities that you may wish to eliminate from your practice. Learn the capability and constraint model of recoverability. Understand how Adaptive BC can be effective in organizations with vastly different cultures and program maturity levels. See how to take the steps to implement Adaptive BC in your own organization. Think through some typical challenges and opportunities that may arise as you implement an Adaptive BC approach.
Over 30+ years, Tari Schreider has designed and implemented cybersecurity programs throughout the world, helping hundreds of companies like yours. Building on that experience, he has created a clear roadmap that will allow the process to go more smoothly for you. Building Effective Cybersecurity Programs: A Security Manager’s Handbook is organized around the six main steps on the roadmap that will put your cybersecurity program in place:Design a Cybersecurity ProgramEstablish a Foundation of GovernanceBuild a Threat, Vulnerability Detection, and Intelligence CapabilityBuild a Cyber Risk Management CapabilityImplement a Defense-in-Depth StrategyApply Service Management to Cybersecurity Programs
Because Schreider has researched and analyzed over 150 cybersecurity architectures, frameworks, and models, he has saved you hundreds of hours of research. He sets you up for success by talking to you directly as a friend and colleague, using practical examples. His book helps you to:Identify the proper cybersecurity program roles and responsibilities. Classify assets and identify vulnerabilities. Define an effective cybersecurity governance foundation. Evaluate the top governance frameworks and models. Automate your governance program to make it more effective. Integrate security into your application development process. Apply defense-in-depth as a multi-dimensional strategy. Implement a service management approach to implementing countermeasures.
With this handbook, you can move forward confidently, trusting that Schreider is recommending the best components of a cybersecurity program for you. In addition, the book provides hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies.
Are you intimidated by insurance? Have no fear — this easy-to-understand guide explains everything you need to know, from getting the most coverage at the best price to dealing with adjusters, filing claims, and more. Whether you're looking for personal or business insurance, you'll see how to avoid common pitfalls, lower your costs, and get what you deserve at claim time.Get to know the basics — understand how to make good insurance decisions and reduce the chances of a financial loss in your life
Take your insurance on the road — manage your personal automobile risks, handle special situations, insure recreational vehicles, and deal with insurance adjusters
Understand homeowner's and renter's insurance — know what is and isn't covered by typical policies, common exclusions and pitfalls, and how to cover yourself against personal lawsuits
Buy the right umbrella policy — discover the advantages, and coordinate your policies to cover the gaps
Manage life, health, and disability risks — explore individual and group policies, understand Medicare basics, and evaluate long-term disability and long-term-care insurance
Open the book and find:The best life, health, home, and auto policies
Strategies for handling the claims process to get what you deserve
Tips on adjusting your deductible to suit your lifestyle
How to navigate healthcare policies
Ways to reduce your risk and your premiums
Common traps and loopholes
Considerations for grads, freelancers, and remote workers
Atlantic Publishing is a small, independent publishing company based in Ocala, Florida. Founded over twenty years ago in the company president's garage, Atlantic Publishing has grown to become a renowned resource for non-fiction books. Today, over 450 titles are in print covering subjects such as small business, healthy living, management, finance, careers, and real estate. Atlantic Publishing prides itself on producing award winning, high-quality manuals that give readers up-to-date, pertinent information, real-world examples, and case studies with expert advice. Every book has resources, contact information, and web sites of the products or companies discussed.
Good Profit: How Creating Value for Others Built One of the World’s Most Successful Companies is a nonfiction book that outlines the management strategy of Charles G. Koch, the chief executive officer (CEO) of Koch Industries, Inc. It builds on his 2007 book, The Science of Success: How Market-Based Management Built the World’s Largest Private Company, by including guidance on how to apply his management strategies, and answers questions about Koch Industries’s success and failures…
PLEASE NOTE: This is key takeaways and analysis of the book and NOT the original book.
Inside this Instaread of Good Profit:
· Overview of the book
· Important People
· Key Takeaways
· Analysis of Key Takeaways