Edition: 1
Authors: Andres Andreu
Series:
ISBN: 1032757965, 9781032757964
Publisher: CRC Press
Publication year: 2024
Number of pages: 293
Language: English
File format: PDF (converted to PDF, EPUB, or AZW3 on user request)
File size: 13 MB
If you need the file for The CISO Playbook (Security, Audit and Leadership Series) converted to PDF, EPUB, AZW3, MOBI, or DJVU, you can notify support and they will convert it.
Note that The CISO Playbook (Security, Audit and Leadership Series) is the original-language edition and is not a Persian translation. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Cover Half Title Series Title Copyright Dedication Contents Foreword Preface About the Author Special Contributors Acknowledgments
Chapter 1 Be the Candidate: The Company or Organization The Position Type of CISO Reporting Structure Level Authority Budget Package Protection Risk Incident Management The Teams Up and Down Offer Letter Expert Advice Crafting Your Brand as a Security Leader Options for CISOs When Considering Next Steps or Future Options Negotiating the Finer Points of an Offer Letter Real-World Perspective
Chapter 2 Be a Student of the Business: First 30 Days Crown Jewel Analysis Attack Surface Cover the Basics Implement Basic Metrics Security Is a Business Concern Build Trust Up and Down Develop a Plan First 60 Days Inventory Your Resources Inventory Your Ecosystem First 90 Days Identify Quick Wins Outreach Commence With Changes Expert Advice Real-World Perspective
Chapter 3 Be a Builder: General Framework Asset Inventory SBOM Attack Surface Management External Perspective – EASM Shadow IT B2C/B2B Insiders Non-Generic Computing Devices Alternate Ingress Pathways Privileged Users Source Code Repositories SSH Ephemeral Port Openings Supply Chain Free and Open-Source Software (FOSS) Software as a Service (SaaS) Data Understand Your Data Risk Register Policies Controls Incident Management Awareness Continuous Monitoring Change Management Vulnerability and Threat Management Threat Hunting Ensure Defenses are Adequate Continuous Testing Continuous Improvement Partnerships TPRM Metrics Create Steering Committees Real World Perspective
Chapter 4 Be a Risk Manager: Risk Management Risk Measurement Risk Mitigation Plans Enterprise Risk Management (ERM) ERM Frameworks Third-Party Risk Management (TPRM) Program Risk Presentation Expert Advice Real World Perspective
Chapter 5 Be an Operator: SecOps People Processes Technology Governance and Metrics Security Operations Center (SOC) Security Incident and Event Monitoring (SIEM) Next Generation (NG) SIEM Security Orchestration, Automation, and Response (SOAR) Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) Threat Intelligence Platforms (TIP) User and Entity Behavior Analytics (UEBA) Managed Security Service Provider (MSSP) SecOps Management Goals and Objectives Metrics and KPIs Data Analysis Communication Expert Advice
Chapter 6 Be a First Responder: Resilience Incident Response (IR) IR Plan Template Disaster Recovery (DR) DR Plan Template Business Continuity Planning (BCP) Antifragility Chaos Engineering Real World Perspective True Story
Chapter 7 Be a Team Lead: Organizational Size Building a Cybersecurity Team Standard Team Structure Leadership Steering Committee Deputy CISO Architecture Security Architect Application Security Architect SOC Architect Operations SOC Manager SOC Engineer SOC Analyst SIEM Engineer Cybersecurity Incident Responders Threat Intelligence Analyst Vulnerability and Threat Management (VTM) Program Engineering Cybersecurity Engineer Application Security Engineers Cloud Security Engineer Network Security Engineers IAM Specialists Cyber GRC Awareness and Training Specialists GRC Specialists Other Possible Roles AI Security Specialist Operational Technology (OT) Security Specialist Data Security Specialist Resilience Specialist Red, Blue, Purple Certifications Pros Cons Maintaining a Cybersecurity Team Keeping the Team Engaged Continuous Learning Expert Advice
Chapter 8 Be an Executive Leader: Executive Qualities Managing Up Managing Down Expert Advice Real-World Perspective True Story
Chapter 9 Be a Governance, Risk, and Compliance (GRC) Advocate: Information Assurance Risk Assessment Risk Management Information Security Policies Security Controls Validation Processes Incident Response Plan Continuous Monitoring and Improvement Benefits Challenges Strategies Corporate Governance Expert Advice Real World Perspective
Chapter 10 Be a Measurer: Building a Successful Metrics Program Metrics Cost Savings Financial Loss Protection Financial Loss Avoidance Security Awareness Vulnerability and Threat Management Threat Detection Incident Management Risk Management Compliance Alternative Metrics Cyber Risk Quantification CRQ Key Concepts Annual Loss Expectancy CRQ Models Factor Analysis of Information Risk (FAIR) CyberInsight Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Threat Assessment and Remediation Analysis (TARA) Monte Carlo Simulations NIST SP 800–30 Expert Advice Real-World Perspective
Chapter 11 Be a Communicator: Effective Communication Expert Advice – Effective Communication Translation Storytelling Expert Advice – Storytelling Real-World Perspective – Storytelling True Story – Storytelling Crisis Communications
Chapter 12 Be a Vendor Manager/Negotiator: Salespeople Negotiations Expert Advice – Salespeople Real-World Perspective – Salespeople True Stories – Salespeople Story 1 Story 2 Vendors Expert Advice – Vendors Real-World Perspective – Vendors Investors Expert Advice – Venture Capitalist Real-World Perspective – Venture Capitalist
Chapter 13 Be an Effective CISO: Being Effective Basics Balance Business Terms Financial Literacy Financial Concepts Financial Statements Cost-Benefit Analysis (CBA) Alignment Budgeting Cyber Insurance Security-First Culture Adversarial Mindset Environmental, Social, and Governance (ESG) Environmental Social Governance Self-Preservation Credo Excellence Ethical Integrity Transparency Leading by Example Leading With Compassion and Empathy Advocacy for Privacy Proactive Vigilance Resilience in the Face of Adversity Education, Collaboration, and Empowerment Service to the Community Innovation and Adaptability Building for the Future Final Thought
Index