Product Description
Building a Practical Information Security Program provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided will enable both executive management and IT managers not only to validate existing security programs, but also to build new business-driven security programs. In addition, the subject matter enables aspiring security engineers to forge a career path to successfully manage a security program, thereby adding value and reducing risk to the business.
The book helps users resolve immediate tactical needs, transform security needs into strategic goals, and ultimately put programs into operation with full lifecycle management. Readers will learn how to translate technical challenges into business requirements, understand when to “go big or go home,” explore in-depth defense strategies, and review tactics on when to absorb risk.
There is so much noise, marketing, and fear in the industry now that spending and deploying based on generic products and standards is often fruitless and a costly waste of time and energy. This book shows users how to properly plan and implement an infosec program based on business strategy and results.
