Caught in the crosshairs ofLeadership andInformation Technology Information Security professionals are increasingly tapped to operate as business executives. This often puts them on a career path they did not expect, in a field not yet clearly defined. IT training does not usually includemanagerial skills such as leadership, team-building, c

The first section of this book addresses the evolution of CISO (chief information security officer) leadership, with the most mature CISOs combining strong business and technical leadership skills. CISOs can now add significant value when they possess an advanced understanding of cutting-edge security technologies to address the risks from the nearly universal operational dependence of enterprises on the cloud, the Internet, hybrid networks, and third-party technologies demonstrated in this book. In our new cyber threat-saturated world, CISOs have begun to show their market value. Wall Street is more likely to reward companies with good cybersecurity track records with higher stock valuations. To ensure that security is always a foremost concern in business decisions, CISOs should have a seat on corporate boards, and CISOs should be involved from beginning to end in the process of adopting enterprise technologies. The second and third sections of this book focus on building strong security teams, and exercising prudence in cybersecurity. CISOs can foster cultures of respect through careful consideration of the biases inherent in the socio-linguistic frameworks shaping our workplace language and through the cultivation of cyber exceptionalism. CISOs should leave no stone unturned in seeking out people with unique abilities, skills, and experience, and encourage career planning and development, in order to build and retain a strong talent pool. The lessons of the breach of physical security at the US Capitol, the hack back trend, and CISO legal liability stemming from network and data breaches all reveal the importance of good judgment and the necessity of taking proactive stances on preventative measures. This book will target security and IT engineers, administrators and developers, CIOs, CTOs, CISOs, and CFOs. Risk personnel, CROs, IT, security auditors and security researchers will also find this book useful.

In one modest-sized volume, this book offers three valuable sets of knowledge. First, it provides best practice guidance on virtually every large-scale task a modern manager may be involved in—from recruiting and hiring to onboarding and leading teams, and from employee engagement and retention to performance management and working with difficult employees. Second, it explains the essential concepts and practice of a range of effective leadership styles—including (but not limited to) servant leadership, crisis leadership, change agent leadership, and diversity and inclusion leadership. Third, it offers brief case studies from select CISOs and CSOs on how these management and leadership principles and practices play out in real-life workplace situations. The best practice essentials provided throughout this volume will empower aspiring leaders and also enable experienced managers to take their leadership to the next level. Many if not most CISOs and other leaders have had very little, if any, formal training in management and leadership. The select few that have such training usually obtained it through academic courses that take a theoretical, broad brush approach. In contrast, this book provides much actionable guidance in the nitty-gritty tasks that managers must do every day. Lack of management practical knowledge puts CISOs and CSOs at a disadvantage vis-a-vis other executives in the C-suite. They risk being pigeonholed as “security cops” rather than respected business leaders. Many articles on these subjects published in the press are too incomplete and filled with bad information. And combing through the few high-quality sources that are out there, such as Harvard Business Publishing, can take hundreds of dollars in magazine subscription and book purchase fees and weeks or months of reading time. This book puts all the essential information into your hands through a series of concise chapters authored by an award-winning writer.

This book provides an advanced understanding of cyber threats as well as the risks companies are facing. It includes a detailed analysis of many technologies and approaches important to decreasing, mitigating or remediating those threats and risks. Cyber security technologies discussed in this book are futuristic and current. Advanced security topics such as secure remote work, data security, network security, application and device security, cloud security, and cyber risk and privacy are presented in this book. At the end of every chapter, an evaluation of the topic from a CISO’s perspective is provided. This book also addresses quantum computing, artificial intelligence and machine learning for cyber security The opening chapters describe the power and danger of quantum computing, proposing two solutions for protection from probable quantum computer attacks: the tactical enhancement of existing algorithms to make them quantum-resistant, and the strategic implementation of quantum-safe algorithms and cryptosystems. The following chapters make the case for using supervised and unsupervised AI/ML to develop predictive, prescriptive, cognitive and auto-reactive threat detection, mitigation, and remediation capabilities against advanced attacks perpetrated by sophisticated threat actors, APT and polymorphic/metamorphic malware. CISOs must be concerned about current on-going sophisticated cyber-attacks, and can address them with advanced security measures. The latter half of this book discusses some current sophisticated cyber-attacks and available protective measures enabled by the advancement of cybersecurity capabilities in various IT domains. Chapters 6-10 discuss secure remote work; chapters 11-17, advanced data security paradigms; chapters 18-28, Network Security; chapters 29-35, application and device security; chapters 36-39, Cloud security; and chapters 40-46 organizational cyber risk measurement and event probability. Security and IT engineers, administrators and developers, CIOs, CTOs, CISOs, and CFOs will want to purchase this book. Risk personnel, CROs, IT and Security Auditors as well as security researchers and journalists will also find this useful.

Congratulations! Perhaps you have been appointed as the Chief Privacy Officer (CPO) or the Data Protection Officer (DPO) for your company. Or maybe you are an experienced CPO/DPO, and you wonder – "what can I learn from other successful privacy experts to be even more effective?" Or perhaps you are considering a move from a different career path and deciding if this is the right direction for you. Seasoned award-winning Privacy and Cybersecurity leaders Dr. Valerie Lyons (Dublin, Ireland) and Todd Fitzgerald (Chicago, IL USA) have teamed up with over 60 award-winning CPOs, DPOs, highly respected privacy/data protection leaders, data protection authorities, and privacy standard setters who have fought the tough battle. Just as the #1 best-selling and CANON Cybersecurity Hall of Fame winning CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers book provided actionable advice to Chief Information Security Officers, The Privacy Leader Compass is about straight talk – delivering a comprehensive privacy roadmap applied to, and organized by, a time-tested organizational effectiveness model (the McKinsey 7-S Framework) with practical, insightful stories and lessons learned. You own your continued success as a privacy leader. If you want a roadmap to build, lead, and sustain a program respected and supported by your board, management, organization, and peers, this book is for you.

Starting with the inception of an education program and progressing through its development, implementation, delivery, and evaluation, Managing an Information Security and Privacy Awareness and Training Program, Second Edition provides authoritative coverage of nearly everything needed to create an effective training program that is compliant with

This new volume, edited by industrial and organizational psychologists, will look at the important topic of cyber security work in the US and around the world. With contributions from experts in the fields of industrial and organizational psychology, human factors, computer science, economics, and applied anthropology, the book takes the position that employees in cyber security professions must maintain attention over long periods of time, must make decisions with imperfect information with the potential to exceed their cognitive capacity, may often need to contend with stress and fatigue, and must frequently interact with others in team settings and multiteam systems. Consequently, psychosocial dynamics become a critical driver of cyber security effectiveness. Chapters in the book reflect a multilevel perspective (individuals, teams, multiteam systems) and describe cognitive, affective and behavioral inputs, processes and outcomes that operate at each level. The book chapters also include contributions from both research scientists and cyber security policy-makers/professionals to promote a strong scientist-practitioner dynamic. The intent of the book editors is to inform both theory and practice regarding the psychosocial dynamics of cyber security work.

Cybersecurity refers to the set of technologies, practices, and strategies designed to protect computer systems, networks, devices, and data from unauthorized access, theft, damage, disruption, or misuse. It involves identifying and assessing potential threats and vulnerabilities, and implementing controls and countermeasures to prevent or mitigate them. Some major risks of a successful cyberattack include: data breaches, ransomware attacks, disruption of services, damage to infrastructure, espionage and sabotage. Cybersecurity Risk Management: Enhancing Leadership and Expertise explores this highly dynamic field that is situated in a fascinating juxtaposition with an extremely advanced and capable set of cyber threat adversaries, rapidly evolving technologies, global digitalization, complex international rules and regulations, geo-politics, and even warfare. A successful cyber-attack can have significant consequences for individuals, organizations, and society as a whole. With comprehensive chapters in the first part of the book covering fundamental concepts and approaches, and those in the second illustrating applications of these fundamental principles, Cybersecurity Risk Management: Enhancing Leadership and Expertise makes an important contribution to the literature in the field by proposing an appropriate basis for managing cybersecurity risk to overcome practical challenges.

Guarding Your Business outlines the organizational elements that must be in place to protect the information and physical assets of typical businesses and organizations. The book recognizes the need for an architecture integrated within the organizational environment for systematic protection. Such an architecture is offered along with the building blocks to make organizations resistant to human error and resilient under physical attack or natural disaster. The book addresses risk assessment, determination of quality-of-service levels that balance safety versus cost, security versus privacy, determination of access rights to data and software, and a security-conscious culture in the organization. Questions answered by experts from academia and industry include: How can one organize for security? What organizational structures, policies, and procedures must be in place? What legal and privacy issues must be addressed?

At a critical point in human history, this book presents proven ways to gain the skills needed to develop sustainable IT practices and set yourself apart as a progressive technology leader Key Features Execute a sustainable IT strategy with proven methods and real-world use cases Progress as a sustainable IT advocate and set yourself apart from other senior IT leaders Increase your chances of receiving executive buy-in on your sustainable IT strategy Book DescriptionWe are at a critical point in human history. Humanity is under threat, but all is not lost. We can take action! But how? Sustainable IT Playbook for Technology Leaders will show you how. It will walk you through the construction and implementation of a sustainable IT strategy and enable you to do your bit for the future of mankind. The book is split into three parts. Part I details the “why” and the clear and present danger that humanity faces today: the climate crisis. How did we get here, what are the immediate threats, what are the planetary boundaries that we need to peel back to safe levels, and what impact does IT have on society at large? Part II will focus on the "what.” It examines the nitty-gritty details of what we can do to unlock significant returns on sustainable investments toward a more sustainable future. Part III, the final part of the book, focuses on the “how.” How do you turn your ideas into action? What do you need to do to establish your baseline and your direction of travel towards your objective? This part provides tangible case studies and explains how you can start your journey today to begin delivering global and impactful objectives. By the end of this book, you’ll be able to plan, implement, and communicate a sustainable IT strategy and set yourself apart as a progressive technology leader.What you will learn Discover why IT is a major contributor to carbon emissions Explore the principles and key methods of sustainable IT practices Build a robust, sustainable IT strategy based on proven methods Optimize and rationalize your code to consume fewer resources Understand your energy consumption patterns Apply a circular approach to the IT hardware life cycle Establish your sustainable IT baseline Inspire and engage employees, customers, and stakeholders Who this book is for This book is for executive IT leaders such as CIOs, CDOs, and CTOs dedicated to influencing, inspiring, and engaging businesses, organizations, and individuals to reduce their carbon footprint through sustainable IT practices.