The Manager’s Guide to Cybersecurity Law: Essentials for Today's Business

Rothstein Publishing
1
Free sample

In today’s litigious business world, cyber-related matters could land you in court. As a computer security professional, you are protecting your data, but are you protecting your company? While you know industry standards and regulations, you may not be a legal expert. Fortunately, in a few hours of reading, rather than months of classroom study, Tari Schreider’s The Manager’s Guide to Cybersecurity Law: Essentials for Today’s Business, lets you integrate legal issues into your security program.

Tari Schreider, a board-certified information security practitioner with a criminal justice administration background, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity law. He says, “My nearly 40 years in the fields of cybersecurity, risk management, and disaster recovery have taught me some immutable truths. One of these truths is that failure to consider the law when developing a cybersecurity program results in a protective façade or false sense of security.”

In a friendly style, offering real-world business examples from his own experience supported by a wealth of court cases, Schreider covers the range of practical information you will need as you explore – and prepare to apply – cybersecurity law. His practical, easy-to-understand explanations help you to:

  • Understand your legal duty to act reasonably and responsibly to protect assets and information.
  • Identify which cybersecurity laws have the potential to impact your cybersecurity program.
  • Upgrade cybersecurity policies to comply with state, federal, and regulatory statutes.
  • Communicate effectively about cybersecurity law with corporate legal department and counsel.
  • Understand the implications of emerging legislation for your cybersecurity program.
  • Know how to avoid losing a cybersecurity court case on procedure – and develop strategies to handle a dispute out of court.
  • Develop an international view of cybersecurity and data privacy – and international legal frameworks.

Schreider takes you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and legal jurisdictions. Hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies. This book needs to be required reading before your next discussion with your corporate legal department.

Read more
Collapse

About the author

Tari Schreider, SSCP, CISM, C|CISO, ITIL Foundation, is a distinguished technologist and nationally known expert in the fields of cybersecurity, risk management, and disaster recovery. Co-founder of Prescriptive Risk Solutions, LLC (PRS), he is former Chief Security Architect at Hewlett-Packard Enterprise. PRS designs custom solutions for companies with challenging legal and regulatory compliance issues that need to be solved quickly. PRS maintains one of the world’s largest databases of security and disaster recovery incidents with nearly 12,000 incidents covering 10.6 billion compromised records.

Mr. Schreider has designed and implemented complex cybersecurity programs including a red team penetration testing program for one of the largest oil and gas companies in the world, an NERC CIP compliance program for one of Canada’s largest electric utility companies, and an integrated security control management program for one of the US’ largest 911 systems. He has advised organizations from China to India on how to improve their cybersecurity programs through his Information Security Service Management – Reference Model (ISSM-RM). Schreider implemented a virtual Security Operations Center network with vSOCs located in the US, Brazil, Italy, Japan, Sweden, and the US. He was also responsible for creating the first Information Sharing and Analysis Center in collaboration with the Information Technology Association of America (IT-ISCA). His earliest disaster recovery experiences included assisting companies affected by the 1992 Los Angeles Rodney King Riots, and 1993 World Trade Center bombing. His unique experience came during the 1990 Gulf War, helping a New York financial institution recover after becoming separated from its data center in Kuwait.

Schreider has appeared on ABC News, CNN, CNBC, NPR, and has had numerous articles printed in security and business magazines including Business Week, New York Times, SC Magazine, The Wall Street Journal, and many others.

He studied Criminal Justice at the College of Social & Behavioral Sciences at the University of Phoenix and holds the following certifications in security and disaster recovery:

• American College of Forensic Examiners, CHS-III • Certified CISO (C|CISO) • Certified Information Security Manager (CISM) • ITILTM v3 Foundation Certified • System Security Certified Practitioner (SSCP) • The Business Continuity Institute, MBCI • University of Richmond – Master Certified Recovery Planner (MCRP)

Kristen Noakes-Fry, ABCI, is Executive Editor at Rothstein Publishing. Previously, she was a Research Director, Information Security and Risk Group, for Gartner, Inc.; Associate Editor at Datapro (McGraw- Hill); and Associate Professor of English at Atlantic Cape College in New Jersey. She holds an M.A. from New York University and a B.A. from Russell Sage College.

Read more
Collapse
3.0
1 total
Loading...

Additional Information

Publisher
Rothstein Publishing
Read more
Collapse
Published on
Feb 1, 2017
Read more
Collapse
Pages
164
Read more
Collapse
ISBN
9781944480301
Read more
Collapse
Read more
Collapse
Read more
Collapse
Language
English
Read more
Collapse
Genres
Business & Economics / General
Business & Economics / Insurance / General
Business & Economics / Insurance / Risk Assessment & Management
Business & Economics / Management
Read more
Collapse
Content Protection
This content is DRM protected.
Read more
Collapse
Read Aloud
Available on Android devices
Read more
Collapse
Eligible for Family Library

Reading information

Smartphones and Tablets

Install the Google Play Books app for Android and iPad/iPhone. It syncs automatically with your account and allows you to read online or offline wherever you are.

Laptops and Computers

You can read books purchased on Google Play using your computer's web browser.

eReaders and other devices

To read on e-ink devices like the Sony eReader or Barnes & Noble Nook, you'll need to download a file and transfer it to your device. Please follow the detailed Help center instructions to transfer the files to supported eReaders.
Is security management changing so fast that you can’t keep up? Perhaps it seems like those traditional “best practices” in security no longer work? One answer might be that you need better best practices! In their new book, The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security, two experienced professionals introduce ESRM. Their practical, organization-wide, integrated approach redefines the securing of an organization’s people and assets from being task-based to being risk-based.

In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM):

“Enterprise security risk management is the application of fundamental risk principles to manage all security risks − whether information, cyber, physical security, asset management, or business continuity − in a comprehensive, holistic, all-encompassing approach.”

In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to:

Differentiate between traditional, task-based management and strategic, risk-based management. See how adopting ESRM can lead to a more successful security program overall and enhance your own career. . Prepare your security organization to adopt an ESRM methodology. . Analyze and communicate risks and their root causes to all appropriate parties. . Identify what elements are necessary for long-term success of your ESRM program. . Ensure the proper governance of the security function in your enterprise. . Explain the value of security and ESRM to executives using useful metrics and reports. .

Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome any blocks to acceptance as you design and roll out a new ESRM-based security program for your own workplace.

You designed your Business Continuity Plan to keep your business in business regardless of the forces of man and nature. But how do you know that the plan really works? Few companies can afford the recommended full-scale exercises several times a year. In The Manager’s Guide to Business Continuity Exercises, Jim Burtles, an internationally known expert, details the options for conducting a range of tests and exercises to keep your plan effective and up to date.

Your challenge is to maintain a good and effective plan in the face of changing circumstances and limited budgets. If your situation is like that in most companies, you really cannot depend on the results of last year’s test or exercise of the plan. People tend to forget, lose confidence, lose interest, or even be replaced by other people who were not involved in your original planning. Jim Burtles explains:

“You cannot have any real confidence in your plans and procedures until they have been fully tested...Exercises are the only way we can be sure that the people will be able to interpret the plans and procedures correctly within the requisite timeframe under difficult circumstances.”

As you do your job in this constantly shifting context, Jim Burtles helps you to: • Differentiate between an “exercise” and a “test” – and see the value of each in your BC program. • Understand the different types of plans and identify the people who need to be involved in exercises and tests for each. • Use the “Five-Stage Growth Path” – from desktop to walkthrough to full-scale exercise -- to conduct gradual testing, educate personnel, foster capability, and build confidence. • Create a variety of unusual scenario plot-lines that will keep up everyone’s interest. • Identify the eight main elements in developing and delivering a successful BC exercise. • Select and prepare a “delivery team” and a “response team” for your exercise. • Make sure everyone understands the “rules of engagement.” • Use the lessons learned from exercises and tests to audit, update, and maintain the plan.

You are well aware that a host of problems may crop up in any kind of company-wide project. These problems can range from basic logistics like time and place, to non-support from executives and managers, to absenteeism, to the weather, to participants forgetting their lines. Throughout the book, Burtles uses his decades of experience working with companies like yours to give you useful examples, case studies, and down-to-earth advice to help you handle the unexpected and work toward the results you are looking for.

Have you begun to question traditional best practices in business continuity (BC)? Do you seem to be concentrating on documentation rather than preparedness? Compliance rather than recoverability? Do your efforts provide true business value? If you have these concerns, David Lindstedt and Mark Armour offer a solution in Adaptive Business Continuity: A New Approach. This ground-breaking new book provides a streamlined, realistic methodology to change BC dramatically.

After years of working with the traditional practices of business continuity (BC) – in project management, higher education, contingency planning, and disaster recovery – David Lindstedt and Mark Armour identified unworkable areas in many core practices of traditional BC. To address these issues, they created nine Adaptive BC principles, the foundation of this book:

Deliver continuous value. Document only for mnemonics. Engage at many levels within the organization. Exercise for improvement, not for testing. Learn the business. Measure and benchmark. Obtain incremental direction from leadership. Omit the risk assessment and business impact analysis. Prepare for effects, not causes.

Adaptive Business Continuity: A New Approach uses the analogy of rebuilding a house. After the initial design, the first step is to identify and remove all the things not needed in the new house. Thus, the first chapter is “Demolition” – not to get rid of the entire BC enterprise, but to remove certain BC activities and products to provide the space to install something new. The stages continue through foundation, framework, and finishing. Finally, the last chapter is “Dwelling,” permitting you a glimpse of what it might be like to live in this new home that has been created.

Through a wealth of examples, diagrams, and real-world case studies, Lindstedt and Armour show you how you can execute the Adaptive BC framework in your own organization. You will:

Recognize specific practices in traditional BC that may be problematic, outdated, or ineffective. Identify specific activities that you may wish to eliminate from your practice. Learn the capability and constraint model of recoverability. Understand how Adaptive BC can be effective in organizations with vastly different cultures and program maturity levels. See how to take the steps to implement Adaptive BC in your own organization. Think through some typical challenges and opportunities that may arise as you implement an Adaptive BC approach.
Soon after watching the twin towers falling in New York, some of those with business responsibilities were already asking themselves whether people would be willing to work in tall buildings ever again. Is work too risky? How can people be expected to attend work in what might now be seen as precarious and vulnerable workplaces and cities? Although, thankfully, large scale terrorist attacks are infrequent, the world's cities, and the businesses to which they are home, have been put on notice that it can come to any place at any time. In Terrorism, the Worker and the City, Luke Howie considers what steps managers and employees can and should take to protect their businesses from such an amorphous and indefinable threat. Deftly combining theoretical insight with empirical research, he reveals how, despite an appearance of 'business as usual', fear; anxiety; and suspicion permeate workplaces, even in cities that may not be at the top of any terrorist group's target list. Using the Australian city of Melbourne, a cosmopolitan city and major business centre with nearly four million people, as a metaphor for other such cities around the world, Dr Howie's research has uncovered that even where they don't perceive a high level threat, business managers who might face having to account for themselves to some post event Inquiry have taken action in consequence of the situation. Often, that action amounts to the introduction of what can be described as 'Simulated Security'. This cannot ever provide certain protection from terrorist attack, but it may be the best we can reasonably do. There is also evidence that it can be effective in terms of providing the reassurance to counter the terrorist objective of disrupting normal life through fear. With its rigorous research compared with other more speculative works on this subject, Terrorism, the Worker and the City will appeal to city and business leaders and managers, and security professionals, as well as those in governmenta
You know by now that your company could not survive without the Internet. Not in today’s market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager’s Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.

Over 30+ years, Tari Schreider has designed and implemented cybersecurity programs throughout the world, helping hundreds of companies like yours. Building on that experience, he has created a clear roadmap that will allow the process to go more smoothly for you. Building Effective Cybersecurity Programs: A Security Manager’s Handbook is organized around the six main steps on the roadmap that will put your cybersecurity program in place:

Design a Cybersecurity ProgramEstablish a Foundation of GovernanceBuild a Threat, Vulnerability Detection, and Intelligence CapabilityBuild a Cyber Risk Management CapabilityImplement a Defense-in-Depth StrategyApply Service Management to Cybersecurity Programs

Because Schreider has researched and analyzed over 150 cybersecurity architectures, frameworks, and models, he has saved you hundreds of hours of research. He sets you up for success by talking to you directly as a friend and colleague, using practical examples. His book helps you to:

Identify the proper cybersecurity program roles and responsibilities. Classify assets and identify vulnerabilities. Define an effective cybersecurity governance foundation. Evaluate the top governance frameworks and models. Automate your governance program to make it more effective. Integrate security into your application development process. Apply defense-in-depth as a multi-dimensional strategy. Implement a service management approach to implementing countermeasures.

With this handbook, you can move forward confidently, trusting that Schreider is recommending the best components of a cybersecurity program for you. In addition, the book provides hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies.

Now updated — your guide to getting the best insurance policy

Are you intimidated by insurance? Have no fear — this easy-to-understand guide explains everything you need to know, from getting the most coverage at the best price to dealing with adjusters, filing claims, and more. Whether you're looking for personal or business insurance, you'll see how to avoid common pitfalls, lower your costs, and get what you deserve at claim time.

Get to know the basics — understand how to make good insurance decisions and reduce the chances of a financial loss in your life

Take your insurance on the road — manage your personal automobile risks, handle special situations, insure recreational vehicles, and deal with insurance adjusters

Understand homeowner's and renter's insurance — know what is and isn't covered by typical policies, common exclusions and pitfalls, and how to cover yourself against personal lawsuits

Buy the right umbrella policy — discover the advantages, and coordinate your policies to cover the gaps

Manage life, health, and disability risks — explore individual and group policies, understand Medicare basics, and evaluate long-term disability and long-term-care insurance

Open the book and find:

The best life, health, home, and auto policies

Strategies for handling the claims process to get what you deserve

Tips on adjusting your deductible to suit your lifestyle

How to navigate healthcare policies

Ways to reduce your risk and your premiums

Common traps and loopholes

Considerations for grads, freelancers, and remote workers

All projects are inherently risky, and especially complex ones can potentially be the downfall for even the most experienced project manager. From technical challenges to resource issues to overwhelming and unrealistic deadlines to the rarely dependable commitment of your subcontractors, any number of things can go completely wrong--any day of the week! Therefore, perhaps the most essential component of every project manager’s job is the ability to identify potential risks before they cause unnecessary headaches and turmoil all around.Fully updated and consistent with the Risk Management Professional (RMP) certification and the Guide to the Project Management Body of Knowledge (PMBOK®), Identifying and Managing Project Risk remains the definitive resource for project managers seeking to be pro-active in their efforts to guard against failure and minimize unwanted surprises. From being able to draw on real-world situations and hundreds of examples of those who have gone before them, readers of this third edition will learn how to:• Use high-level risk assessment tools• Implement a system for monitoring and controlling projects• Properly document every consideration• Personalize proven methods for project risk planning to fit their specific project• And moreComplete with fresh guidance on program risk management, qualitative and quantitative risk analysis, simulation and modeling, and significant “non-project” risks, this one-stop indispensable resource is what every project manager needs to eliminate surprises and keep their projects on task.
©2019 GoogleSite Terms of ServicePrivacyDevelopersArtistsAbout Google|Location: United StatesLanguage: English (United States)
By purchasing this item, you are transacting with Google Payments and agreeing to the Google Payments Terms of Service and Privacy Notice.