Creating an Information Security Program from Scratch
- Available for pre-order. Item will ship after September 15, 2021
This book is written for the first security hire in an organization; either an individual moving into this role from within the organization or hired into the role. More and more organizations are realizing that Information Security requires a dedicated team with leadership distinct from Information Technology, and often the people who are placed into those positions have no idea where to start or how to prioritize.
There are many issues competing for their attention, standards that say do this or do that, laws, regulations, customer demands, and no guidance on what is actually effective. The book offers guidance on approaches that work for how you prioritize and build a comprehensive information security program that protects your organization.
While most books targeted at information security professionals explore specific subjects with deep expertise, this book will explore the depth and breadth of the field. Instead of exploring a technology such as cloud security or a technique such as risk analysis, this will place those into the larger context of how to meet an organization's needs, how to prioritize, and what success looks like. Guides to maturation of practice is offered, along with pointers for each topic on where to go for an in-depth exploration of each topic.
Unlike more typical books on information security that advocate a single perspective, this book will explore competing perspectives with the eye to providing the pros and cons of the different approaches and the implications of choices on implementation and on maturity, as often a choice on an approach needs to change as an organization grows and matures.
Table of Contents
1. Getting started
2. The things you must do
3. Asset management
4. Vulnerability Management
5. Incident Management
6. The Endpoint
7. Email Security
8. THE NETWORK
9. Integrating security into software development
11. Access Control
12. HUMAN ISSUES
Walter Williams has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group and EMC. He has since moved to security leadership, where he'd served as at IdentityTruth, Passkey, Lattice Engines, and Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, Source Boston, Boston Application Security Conference, Rochester Security Summit, Wall of Sheep Village within DefCon, RiskSec Toronto and other venues . His articles on Security and Service Oriented Architecture have appeared in the Information Security Management Handbook, and he has a book with CRC press on the same topic. He sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricons 8 and 10. He has a masters degree in Anthropology from Hunter College.