Mark Twain said that “if you don't like the weather in New England now, just wait a few minutes.” With that, one of the challenges of working in the information security field is staying current. If an information security professional were to go on sabbatical (what a thought), by the time they came back from their escape, the information security world would be a very different place. Such a person would find their level of professional development somewhat diminished.
In Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives (ISBN-13: 978-1520658728), authors Christophe Veltsos and Paul Ferrillo have written a practical guide to help information security and IT professionals understand and manage the ever-changing environment of information security and data risk.
The following are the 11 chapters in the book, and they provide the reader with an easy-to-read overview of the current status of information security and risk:
- Time to Take Back Control of your Cybersecurity Now
- Federal Regulation and Oversight — Today and Tomorrow
- Understanding and Implementing the NIST Cybersecurity Framework
- Spear Phishing Attacks — Don’t Take the Bait! Don’t Click on the Link!
- Incident Response — Plans, Reality, and Lessons Learned
- Using Cyber Intelligent Solutions to Defeat Hackers (or at least level the playing field)
- Cybersecurity Fiduciary Duties of Directors and Officers
- Insurance for Cyber Exposures; Critical Considerations for Effective Insurance Purchasing
- Cyber Risk Reporting and Governance
- Trust But Verify — Asking the Tough Questions
- The Great Miracles and Challenges of Cloud Computing
The book lays out the tasks that need to be done to ensure the entire lifecycle of information security tasks is dealt with. The many suggestions are both strategic and tactical, and the reader can use them to ensure the items are appropriately tasked.
The word control in the title is intentional. With the problem of shadow IT, where systems (and often very large ones) are deployed outside the purview of the CIO, CTO and CISO, IT quickly becomes an out-of-control area. The book is meant to regain control from a security perspective.
This is a handy read for anyone who wants to know about the current state of information security, and what the best practices are to ensure their enterprise is effectively dealing with the most challenging threats. The book provides just enough information and data to be used as a good starting point. What it lacks in depth, it makes up in breadth.
The authors write in a clear and easy-to-read style that is both elucidating and an interesting read. While meant for those tasked with information security duties, anyone involved in security, information technology or data management will certainly find a lot of value in Take Back Control of Your Cybersecurity Now.