Introduction

Explain the book’s focus, audience, organization, and contents.

Chapter 1: Rationalize Cybersecurity for your Business Landscape

Describes the six cybersecurity priority focus areas.

Chapter 2: Identify and Empower Security-Related Roles

Explains how the people in the business each contribute to the secure operation of the business and its digital systems.

Chapter 3: Establish a Control Baseline

Chapter 4: Simplify and Rationalize IT and Security

Argues that security leaders have a stake in developing an effective IT strategy, what that strategy might look like, and how security leaders – who don’t own IT - can still engage IT functions to help develop and deliver on the strategy.

Chapter 5: Manage Risk in the Language of Business

Chapter 6: Create a Strong Security Culture

Brings the cultural subtext that can make or break a cybersecurity environment into the foreground. It analyzes the components of security culture and provides guidance on how to devise a security culture improvement process and measure its effectiveness. User awareness, training, and appropriate day to day engagement with the business can all play a part in forging a constructive security culture.

Chapter 7: Put the Right Governance Model in Place

Chapter 8: Control Access with Minimal Drag on the Business

Explains why access is the critical balance beam for the business, compliance mandates, and the security program. It addresses the need for information classification, data protection, and identity and access management (IAM) controls to implement access restrictions as required to reduce risk or attain regulatory compliance but do so in a way that enables appropriate digital relationships and data sharing with internal and external users.

Chapter 9: Institute Resilience, Detection, and Response

Guides readers on how to formulate contingency plans and strategies for detection, response, and recovery which together comprise cyber-resilience.

Chapter 10: Putting the Pieces Together

Summarizes guidance given throughout the book in the “keys” for aligning with the business. It reiterates guidance on how to scale security programs and the way they align to the business based on business size, complexity, and other factors.

Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team.

Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. 

Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges.