Introduction We begin Volume 2 with a discussion about people. As you strive to create a world-class cybersecurity program, you must recognize and address the critical human element. We look at the human element from several different perspectives. We include the...
Introduction Educating your workforce about cybersecurity through an awareness program is a foundational requirement that all cybersecurity standards share. So why don’t we have a very well-educated workforce when it comes to cybersecurity? Perhaps too many...
Introduction Networks are noisy. From heartbeats to probing, from legitimate database extracts to covert data exfiltration, from sensor telemetry to malware infusions, there is an enormous amount of traffic on your network. Without a strategic and diligent approach,...
Introduction In the first three chapters of Volume 2 we have been focused internally. In Chapter 13, we turn our focus to outside your organization. Threat intelligence, like situational awareness, is the discipline of becoming conscious of the environment in which...
Introduction In the next four chapters, we’re going to do a deep dive into the entire process of preparing for, responding to, recovering from, and learning from cyber incidents. A passage Bill writes in Chapter 17 is worth previewing here: While it’s helpful to break...
Introduction Incident response is the most visible function for a typical CISO. For good or for ill, it is the primary way CISOs are judged. Beyond the immediate impact of demonstrating the organization’s resilience to customers, management and employees, how an...
Introduction There is a fine line between incident response and recovery and resuming operations. To some extent, that line is only academically useful. The authors have covered many of the discrete activities in resuming operations in Chapter 14. Nonetheless, there...
Introduction Although we are covering them in one chapter, forensics activities and post-mortem activities for cyber incidents are entirely different. We’re going to repeat a passage from the introduction to Chapter 14: while it’s helpful to break the entire incident...
Introduction While drafting and editing the material for this book, we thought we could offer additional value by providing an essay on each topic by all three authors, independently edited, to preserve their unique perspective and voice. It is a technique that was...
Praise for the Book
“This book, and its volume one companion, will provide any CISO, newbie or ragged veteran, the reference material to build and improve their security programs.”
CSO – Palo Alto Networks
“In this, the second instalment of The CISO Desk Reference Guide, Stamper, Hayslip and Bonney team up once again to deliver a seamless continuation of its predecessor. Each author gives us a revealing lens through which to view the remit of a CISO… they challenge the reader to operate to a much higher standard, explaining exactly how to do so. The book’s power resides in each author’s ability to synthesize and to present this in pragmatic prose, conveying the importance of the role of a CISO.”
Founder of Cyber Security Capital, Board Advisor ClubCISO, U.K.
“The best disposition I have read on how to, in practical terms, address the cyber talent scarcity issue. We’ve been talking about the problem for years…the authors give actionable steps for how CISOs can build a “blended capability” program – FTE hiring, cross- and up-skilling existing talent, creating security evangelists across the organization, and leveraging MSSPs for commodity functions. This scarcity of skills is not going away, so it’s crucial we take pragmatic steps to address it.”
Chief Security Office – Barclays Africa Group Ltd.
“This is how it’s done, plain and simple. This is the Rosetta Stone of security, connecting the technology, the business and the people. The devil is in the details, and this book details it in a way that is personal, usable and, above all, practical.”
CSO – Cybereason
“Volume 2 applies the very original and effective Desk Reference approach to more key CISO concerns, from the cybersecurity skills gap to incident response and crisis management.”
Stephen Cobb, CISSP
Senior Security Researcher, ESET North America
“This CISO Desk Reference, Volume 2, is by far the best CISO reference available today…. If you are aspiring to become a CISO, this book will help you design a comprehensive security program… If you are currently a CISO, this book will provide you unique guidance about the strategic and operational intricacies of a modern security program!”
CISO – Ellie Mae
“The second volume of the CISO Desk Reference Guide is a perfect continuation of the definitive first volume. Volume 2 provides insights, best practices and utility in useful and practical chapters. I am grateful to the authors for generously sharing their years of hard-earned experience and knowledge. They are raising the bar for security professionals everywhere.”
Chief Information Security Officer – ResMed
“AMAZING! I JUST LOVED THE BOOK! Being a new CISO, I have got to be learning every day… The authors have only emphasised that, promoting continuous learning for the CISOs. They did an amazingly great job.”
Magda Lilia Chelly, CISSP, PhD
Managing Director | CISO As A Service
Responsible Cyber Pte. Ltd., Singapore