Corporate information security is often hindered by a lack of adequate communication between the security team and the rest of the organisation: many consider information security an obstacle rather than a benefit, and view security professionals with suspicion.
Information Security – A Practical Guide addresses that issue by providing a broad overview of basic information security practices that will enable your security team to better engage with their peers in order to address the threats facing the organisation as a whole. Topics covered include:
- How to understand the security culture of the organisation
- Getting to know the organisation and building relationships with key personnel
- How to identify gaps in the organisation’s security set-up
- Identifying, categorising and prioritising risks
- The five levels of risk appetite and how to apply risk treatments via security controls
- How to raise security awareness and engage with specific peer groups
- The importance of conducting regular penetration testing and what to do with the results
- A standards-based approach to information security
Table of contents:
1: Day one as a security professional
2: Business impact of breaches
3: Business Risk Appetite
4: Threats
5: Quick and dirty risk assessment
6: Getting buy-in from your peers
7: Documenting the system for everyone
8: Mapping data in the system
9: Penetration testing
10: Information Security Policy