Rating: 0 out of 5 stars
0 ratings
Ebook224 pages9 hours
Information Protection Playbook
By Greg Kane
Rating: 0 out of 5 stars
()
About this ebook
The primary goal of the Information Protection Playbook is to serve as a comprehensive resource for information protection (IP) professionals who must provide adequate information security at a reasonable cost. It emphasizes a holistic view of IP: one that protects the applications, systems, and networks that deliver business information from failures of confidentiality, integrity, availability, trust and accountability, and privacy.
Using the guidelines provided in the Information Protection Playbook, security and information technology (IT) managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration. These functions are based on a model promoted by the Information Systems Audit and Control Association (ISACA) and validated by thousands of Certified Information Security Managers. The five functions are further broken down into a series of objectives or milestones to be achieved in order to implement an IP framework.
The extensive appendices included at the end of the book make for an excellent resource for the security or IT manager building an IP program from the ground up. They include, for example, a board of directors presentation complete with sample slides; an IP policy document checklist; a risk prioritization procedure matrix, which illustrates how to classify a threat based on a scale of high, medium, and low; a facility management self-assessment questionnaire; and a list of representative job descriptions for roles in IP.
The Information Protection Playbook is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
- Emphasizes information protection guidelines that are driven by business objectives, laws, regulations, and industry standards
- Draws from successful practices in global organizations, benchmarking, advice from a variety of subject-matter experts, and feedback from the organizations involved with the Security Executive Council
- Includes 11 appendices full of the sample checklists, matrices, and forms that are discussed in the book
Related to Information Protection Playbook
Related ebooks
FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security Security Controls Evaluation, Testing, and Assessment Handbook Rating: 5 out of 5 stars5/5Building a Practical Information Security Program Rating: 5 out of 5 stars5/5Building Effective Cybersecurity Programs: A Security Manager’s Handbook Rating: 4 out of 5 stars4/5The Chief Security Officer’s Handbook: Leading Your Team into the Future Rating: 0 out of 5 stars0 ratingsThe Manager's Handbook for Business Security Rating: 0 out of 5 stars0 ratingsBusiness Practical Security Rating: 0 out of 5 stars0 ratingsInformation Security Governance: A Practical Development and Implementation Approach Rating: 0 out of 5 stars0 ratingsApplication Security in the ISO27001 Environment Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Effective Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsInfosec Management Fundamentals Rating: 5 out of 5 stars5/5Information Security Auditor: Careers in information security Rating: 0 out of 5 stars0 ratingsSecurity Risk Assessment: Managing Physical and Operational Security Rating: 5 out of 5 stars5/5Information Risk Management: A practitioner's guide Rating: 5 out of 5 stars5/5Data Breach Preparation and Response: Breaches are Certain, Impact is Not Rating: 0 out of 5 stars0 ratingsSecurity Leader Insights for Risk Management: Lessons and Strategies from Leading Security Professionals Rating: 0 out of 5 stars0 ratingsAsset Security: CISSP, #2 Rating: 0 out of 5 stars0 ratingsThe Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program Rating: 0 out of 5 stars0 ratingsHands-on Incident Response and Digital Forensics Rating: 0 out of 5 stars0 ratingsTotal Information Risk Management: Maximizing the Value of Data and Information Assets Rating: 0 out of 5 stars0 ratingsCISSP Study Guide Rating: 0 out of 5 stars0 ratingsBecoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders Rating: 5 out of 5 stars5/5Computer Incident Response and Forensics Team Management: Conducting a Successful Incident Response Rating: 4 out of 5 stars4/5Risk Management Framework: A Lab-Based Approach to Securing Information Systems Rating: 2 out of 5 stars2/5Authorizing Official Handbook: for Risk Management Framework (RMF) Rating: 0 out of 5 stars0 ratingsInformation Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5Cyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Security Metrics Management: Measuring the Effectiveness and Efficiency of a Security Program Rating: 0 out of 5 stars0 ratingsPhysical Security Strategy and Process Playbook Rating: 0 out of 5 stars0 ratings
Security For You
How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCybersecurity For Dummies Rating: 4 out of 5 stars4/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsHacking For Dummies Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsTor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Ethical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Ultimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming Rating: 3 out of 5 stars3/5
Related podcast episodes
CISSP Training - Domain 1 - Lecture 1 0% found this document usefulIs enhanced hardware security the answer to ransomware? [CyberWire-X] 100% found this document usefulcybersecurity maturity model certification (CMMC) (noun) [Word Notes] 0% found this document usefulBig breaches (and how to avoid them): with Neil Daswani 0% found this document usefulMITRE ATT&CK (noun) [Word Notes] 0% found this document usefulCybersecurity and Hacking with Kevin Mitnick 0% found this document usefulHow To Overcome Challenges Every DPO Faces 0% found this document usefulWhy Discovering Your Niche Is Crucial To Career Success 0% found this document usefulCybersecurity Trends and Practices 0% found this document usefulNIST Cybersecurity Framework [Special Edition]: NIST Cybersecurity Framework 0% found this document useful083: SMS Pt 4 - What Does ISO 45001 Require?: Safety Management System overview 0% found this document useful
Related articles
Cyber Safe Facility ManagementArticle
Cyber Safe
Dec 23, 2018
4 min readLook Internally For New Cyber Security Employees NZBusiness and ManagementArticle
Look Internally For New Cyber Security Employees
May 27, 2019
2 min readCyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL Inc.Article
Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL
Sep 21, 2016
Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate
2 min readCybersecurity: It Might Be The Small Stuff That Gets You NZBusiness and ManagementArticle
Cybersecurity: It Might Be The Small Stuff That Gets You
Jan 16, 2020
2 min readVulnerability Assessments PC Pro MagazineArticle
Vulnerability Assessments
Jan 7, 2021
3 min readBuilding a Cybersecurity Fence Residential Tech TodayArticle
Building a Cybersecurity Fence
Jan 30, 2019
4 min readHow to Protect Your Small Business Against a Cyber Attack EntrepreneurArticle
How to Protect Your Small Business Against a Cyber Attack
Feb 1, 2013
8 min readAct, Don't React: A Leader's Guide to Cybersecurity Rotman ManagementArticle
Act, Don't React: A Leader's Guide to Cybersecurity
Sep 1, 2019
9 min readFive Lessons Of Cybersecurity The Public Sector Can Offer The European Business ReviewArticle
Five Lessons Of Cybersecurity The Public Sector Can Offer
Jun 1, 2022
15 min readHow Do You Know You Are Okay? NZBusiness and ManagementArticle
How Do You Know You Are Okay?
May 27, 2019
2 min readFirms Must Test Cyber Resilience Plans, Policies Business TodayArticle
Firms Must Test Cyber Resilience Plans, Policies
Jul 9, 2020
4 min readMaking A Corrosion Strategy Facility ManagementArticle
Making A Corrosion Strategy
Feb 25, 2018
The degradation of private and public assets and infrastructure continues to have a major economic impact on industry and the wider community. In Australia, the yearly cost of asset maintenance is estimated to be approximately $32 billion, with $8 bi
4 min readApp To Support Employees In Speaking Up NZBusiness and ManagementArticle
App To Support Employees In Speaking Up
Aug 28, 2019
2 min read8 Network Security For Your Home And Office TechfastlyArticle
8 Network Security For Your Home And Office
Nov 30, 2020
7 min readWhy Leaders Need To Take A Risk-based Approach To Data Security NZBusiness and ManagementArticle
Why Leaders Need To Take A Risk-based Approach To Data Security
Jul 21, 2021
5 min readBolster Your Cyber Security MoneyWeekArticle
Bolster Your Cyber Security
Apr 5, 2024
2 min read01 Super Apps Are Here, But Are They Secure Enough? HWM SingaporeArticle
01 Super Apps Are Here, But Are They Secure Enough?
May 12, 2023
3 min readIntelligence Analysis PRIVATE GAME WILDLIFE RANCHINGArticle
Intelligence Analysis
Jun 13, 2018
3 min readIs Biometrics in Schools Really Worth It? TechfastlyArticle
Is Biometrics in Schools Really Worth It?
Dec 1, 2022
3 min readThe Human Side of Flying Australian FlyingArticle
The Human Side of Flying
Apr 13, 2019
3 min readUnderstanding The Weight On Security Leaders' Shoulders, And How To Shift It NZBusiness and ManagementArticle
Understanding The Weight On Security Leaders' Shoulders, And How To Shift It
Jul 20, 2022
4 min readCultivating Executive Trust In The Age Of AI Governance The European Business ReviewArticle
Cultivating Executive Trust In The Age Of AI Governance
Mar 27, 2024
8 min readBusiness Endpoint Protection 2022 PC Pro MagazineArticle
Business Endpoint Protection 2022
Nov 10, 2022
4 min readA Practical Guide To Kick-starting Your Cyber Supply Chain Risk Programme The European Business ReviewArticle
A Practical Guide To Kick-starting Your Cyber Supply Chain Risk Programme
Mar 27, 2024
5 min readAligning Organisational Ecosystems To Be Fit For Purpose The European Business ReviewArticle
Aligning Organisational Ecosystems To Be Fit For Purpose
Mar 27, 2024
11 min readKeeper PC Pro MagazineArticle
Keeper
Oct 5, 2023
PRICE Business, from £2 per user per month from keepersecurity.com Security is job one at Keeper. The company undergoes regular auditing to ensure its zero-knowledge security model is strictly observed, and that it complies with US and EU data-protec
1 min readReview of Cybersecurity Certification TechfastlyArticle
Review of Cybersecurity Certification
Feb 4, 2021
4 min readPrivacy: The Price Of Trust Inc.Article
Privacy: The Price Of Trust
Aug 17, 2021
How will cybersecurity and data privacy evolve over the next decade? We’re hearing from our customers that cybersecurity and data privacy are increasingly becoming board-level conversations. Companies will start to think about privacy, security, vend
1 min readHow To Make Sense From And With AI ? The European Business ReviewArticle
How To Make Sense From And With AI ?
Sep 25, 2021
4 min readZero Trust PC Pro MagazineArticle
Zero Trust
Sep 11, 2022
2 min read
Reviews for Information Protection Playbook
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Information Protection Playbook - Greg Kane
Information Protection Playbook
Edited by
Greg Kane
Lorna Koppel
RISK MANAGEMENT PORTFOLIO
Table of Contents
Cover image
Title page
Copyright
Acknowledgments
Executive Summary
What is a Playbook?
About the Information Protection Playbook
IP Program
Introduction
Assumptions
IP Strategy
Chapter 1. Information Protection Function One: Governance
Implementation One: Strategic Management
Implementation Two: Reporting and Communication
Implementation Three: Policies
Implementation Four: Regulations and Compliance Management
Implementation Five: Roles and Responsibilities
Implementation Six: Procedures and Guidelines
Implementation Seven: Portfolio Management
Governance Improvement
Additional Information
Chapter 2. Information Protection Function Two: Program Planning
BASELINES, STANDARDS, Procedures, and Guidelines
Accountability and Resources
Metrics
For More Information
Chapter 3. Information Protection Function Three: Risk Management
Risk Assessment
Risk Communication Procedure
Risk Management Methodologies
For More Information
Chapter 4. Information Protection Function Four: Incident Response Management
Process
Plans, Exercises, Activation, Documentation, and Improvement
For More Information
Chapter 5. Information Protection Function Five: Program Administration
Compliance
Metrics
Change Management
Awareness
Key Points
For More Information
Appendix A. Playbook Summary
What’s Here
How to Use This Appendix
Summary
Appendix B. Board of Directors Presentation
What’s Here
How to Use This Appendix
Example Presentation
Appendix C. Information Protection Policies Checklist
What’s Here
How to Use This Appendix
Example Policy Documents
Example Data Classification Policy Elements
Appendix D. An Example Roles and Responsibilities RACI Matrix
What’s Here
How to Use This Appendix
Example RACI Matrix
Appendix E. Risk Prioritization Procedure Matrix
What’s Here
How to Use This Appendix
Risk Prioritization Matrix
Appendix F. Security Awareness and Training Menu
What’s Here
How to Use This Appendix
Security Awareness and Training Delivery Methods
Security Awareness and Training Menu
Appendix G. Risk Assessment and Compliance Checklist
What’s Here
How to Use This Appendix
Risk Assessment and Compliance Checklist
Appendix H. Incident Response
What’s Here
How to Use This Appendix
Incident Response Planning
Incident Reaction
Appendix I. Facility Management Self-Assessment
What’s Here
How to Use This Appendix
Self-assessment Questionnaire
Appendix J. Roles in Information Protection
What’s Here
How to Use This Appendix
Example Positions
Appendix K. Measurement in Information Protection
What’s Here
How to Use This Appendix
Initial Measurement Program
Evolutionary Process Improvement
Additional Resources
References
About the Contributing Editors
About Elsevier’s Security Executive Council Risk Management Portfolio
Copyright
Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, UK
225 Wyman Street, Waltham, MA 02451, USA
First published 2013
Copyright © 2013 The Security Executive Council. Published by Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-417232-6
For more publications in the Elsevier Risk Management and Security Collection, visit our website at store.elsevier.com/SecurityExecutiveCouncil.
Acknowledgments
The goal in creating this playbook was to provide current practices and the latest insights gathered from the collective knowledge of leading security and risk practitioners in the industry. We wish to thank everyone that made this possible by contributing their time, effort, and wisdom.
The following individuals provided assistance with the Elsevier edition of this playbook:
Herbert Mattord, Ph.D., CISM, CISSP
Michael Whitman, Ph.D., CISM, CISSP
The following individuals provided assistance with the initial version of this playbook, which was provided to the Security Executive Council community:
Michael Assante, CSO, Idaho Labs (currently at American Electric Power)
Anton Bommersbach, senior manager of global security, Wrigley (currently at Sony DADC)
Scott Day, CISO, Cargill
Greg Halvacs, DOS, Kraft (currently at Cardinal)
Bob Hayes, managing director, Security Executive Council
Stash Jarocki, senior VP and ISO, Bessemer Trust (currently at Phoenix Children’s Hospital)
Kathleen Kotwica, PhD, EVP and chief knowledge strategist, Security Executive Council
Jack McCarthy, emeritus faculty, Security Executive Council, former global director of corporate security for Texaco Inc.
John McClurg, VP global security, Honeywell (currently at Dell)
Carlos Mena, CISO; vice president, program management, Security Executive Council (currently at SanDisk)
John Pontrelli, VP and CSO, Tri-West Healthcare
Executive Summary
The Information Protection Playbook provides a framework and tools to create, manage, and execute all facets of an organization’s information protection (IP) program. In this playbook, we guide the security leader through the development, implementation, and maintenance of a successful IP program. The playbook begins with a detailed description of the concept and value of information protection, transitioning into a step-by-step guide to building or enhancing an IP program.
Using the instructions provided in this playbook, security managers will learn how to implement the five functions of an IP framework: governance, program planning, risk management, incident response management, and program administration. This playbook also explains how the security or business leader can maintain a successful IP program in the long term. Its
Enjoying the preview?
Page 1 of 1