Information Security Leaders Handbook: How To Be An Effective Information Security Leader By Focusing On Fundamental Models
暫譯: 資訊安全領導者手冊：如何專注於基本模型成為有效的資訊安全領導者

The information security threat landscape changes frequently as a result of changes in technologies, economic issues, globalization, social activism and hectavism, new political realities, and innovations by plain old criminals who want to steal data for financial benefits. Along with, the role and responsibilities of security professionals, especially the ones in the leadership roles, also change. Instead of playing a catch up game all the time, this book emphasizes focusing on basic principles and techniques. The information security leaders should implement these principles to update their personal knowledge, to safeguard their organization’s information assets and optimize information security cost. After having meetings with many information security leaders in diverse industry sectors, I have realized that there is a set of “fundamental” models that help these leaders run successful and effective information security programs. This book is a summary of these fundamentals. Who are the target audience? If you are an information security professional, whether in a leadership role or aspiring to be a future leader, this book is for you. What is this book about? The objective of this book is to make you successful as information security professional by learning from experience of great leaders in this field. It provides core fundamental models in a concise manner that are easy to read and use in managing information security. Most of the chapters accompany visual mind maps, action items, and other visual tools for easy understanding. How is this book organized? The book covers a set of carefully selected topics. This is to ensure that focus remains on principles that are the most important to the success of a security professional. The topics are arranged in six parts as listed below. 1. Know The Business – List of topics important for understanding and knowing the business. 2. Information Security Strategy – Elements of information security strategy, how to create strategy and put it into practice. 3. Security Operations – Major areas related to running an effective security operations program. 4. Risk Management – How to assess and manage risk. 5. Personal Branding – Creating personal brand and establishing credibility to be effective as information security leader. 6. Appendices – Miscellaneous data points and sources of information. How I Use This Book? I suggest that you read one chapter daily, take actions, set goals, and write those actions and goals on the “Goals and Activity Log” page at the end of each chapter. Next day, read another chapter and write the actions and goals with target dates. As you go along, start reading random chapters and keep on reviewing and updating your actions and goals to measure your progress and success. A Systematic Way of Achieving Excellence The book provides a systematic and measureable way towards excellence in your job. I have gone to great length to limit each topic to two pages or less. Please use the “Goals and Activity Log” page to record your progress and make the best use of your time. While you go along, record your experiences and share them on the book web site. Book Web Site Many detailed mind maps, new articles, and discussions are made available at the book web site http://InfoSecLeadersHandbook.wordpress.com. New content will be added on an ongoing basis and you can actually publish your own mind maps on this web site. I would like this web site to be driven by the community where you can share your experiences, tools, mind maps, and any other information to help the information security leaders. Please register on the web site to receive updates.