Business executives consider what is necessary to protect the company. It comes down to people, process and technology, organized within an information security program. Everything has its place within the program, including business processes, assets and the right blend of controls to protect them.

This book describes program architecture, the discipline of designing, implementing and leading information security programs.

* Prove Yourself Ready Now
* Team Development and Retention
* Program Maturity
* Influence Support and Funding
* Cyber Threat Intelligence
* Third Party Risk Management
* Metrics and Reporting
* Insider Risk Monitoring and Response
* Threat Landscape and Controls Analysis
* Conduct an Assessment
* Crisis Communications
* Control by Governance

This book provides practical advice in the areas of cybersecurity and operational risk management. The goal is to provide readers with practical advice they can use upon return to work.

Chapter abstracts:

Chapter 1
Prove yourself ready now

This chapter provides practical advice to prove yourself 'ready now' for a cybersecurity management role. The journey begins with a view from the executive's side of the table and how to speak in terms of risk. There is an overview of risk management, with tips for influencing risk mitigation. Focus transitions to how a communications plan can make you more effective as a leader. There is practical advice for developing presentation skills with limited stress and anxiety through a four-step approach. With that skill in place you can communicate program statuses to executives. Professional development and C-Level presentation round out the chapter.

Chapter 2
Team development and retention

This chapter provides leaders with practical advice for developing employees in their current role, with tips to help them move laterally or to pursue promotion to management. The focus shifts to management routines throughout a calendar year, including performance and development plans, communications, financial acumen, talent review and program architecture. The chapter begins to conclude with performance calibration, succession planning, promotions and retention risk. If you are an individual contributor with a goal of being promoted to leadership, there is significant value in this chapter. There are also activities behind the scenes that you should know about in your current role.

Chapter 3
Program maturity

Information security professionals must focus on maturity within cybersecurity and operational risk contexts. This chapter provides guidance to improve program maturity within four levels. It starts by establishing a foundation with a control framework, laws, regulations and contractual obligations. Next are common controls, necessary and common sense from an information security perspective. Active risk management includes types of analysis, assessment and mitigation. Strong risk management is conducted by organizations that have a very low risk tolerance. This risk-prioritized approach can be used to influence funding. That is part of the strategy: you need support and funding to mature the program over years.

Chapter 4
Influence support and funding

Influencing change with business and IT executives is a learned skill. This chapter begins with five areas of focus to influence support and funding. The concept of 'bring friends' solicits the support of other operational risk functions. Management routines are provided as effective ways to mitigate risk, including a risk register process, a cybersecurity committee, tabletop exercises and a cybersecurity risk management framework. Three risk analysis methodologies are provided as practical advice to communicate security risk. Tips to develop financial acumen include two budget slide examples. The chapter concludes with emphasis on the need to be a change agent and to close on projects, initiatives and risk mitigation.

Chapter 5
Cyber threat intelligence

A Cyber Threat Intelligence (CTI) Program drives change to adapt to emerging threats and new technology. That change reduces incident occurrence, with a goal of preventing an incident from becoming a data breach. The chapter provides practical advice to establish a CTI program that generates system hardening, threat hunting, monitoring and incident response. CTI inputs are detailed within advisory subscriptions and six other categories. CTI activities continue with an intake process, processing an advisory, taking action and CTI meetings. CTI program architecture continues with security monitoring alerts and tips to establish a threat hunting program. The chapter concludes with adversarial tactics and CTI program indicators.

Chapter 6
Third party risk management

This chapter describes designing a Third Party Risk Management (TPRM) program. It details the end-to-end process: identify, risk rank, assess, risk treatment, monitor, oversight, escalations and decommissioning. A framework is provided as a program outline, with decision points to select from....