The CISO Handbook : A Practical Guide to Securing Your Company book cover
1st Edition

The CISO Handbook
A Practical Guide to Securing Your Company

ISBN 9780849319525
Published August 24, 2005 by Auerbach Publications
346 Pages 49 B/W Illustrations

FREE Standard Shipping
USD $180.00

Prices & shipping based on shipping country


Book Description

The CISO Handbook: A Practical Guide to Securing Your Company provides unique insights and guidance into designing and implementing an information security program, delivering true value to the stakeholders of a company. The authors present several essential high-level concepts before building a robust framework that will enable you to map the concepts to your company’s environment.

The book is presented in chapters that follow a consistent methodology – Assess, Plan, Design, Execute, and Report. The first chapter, Assess, identifies the elements that drive the need for infosec programs, enabling you to conduct an analysis of your business and regulatory requirements. Plan discusses how to build the foundation of your program, allowing you to develop an executive mandate, reporting metrics, and an organizational matrix with defined roles and responsibilities. Design demonstrates how to construct the policies and procedures to meet your identified business objectives, explaining how to perform a gap analysis between the existing environment and the desired end-state, define project requirements, and assemble a rough budget. Execute emphasizes the creation of a successful execution model for the implementation of security projects against the backdrop of common  business constraints. Report focuses on communicating back to the external and internal stakeholders with information that fits the various audiences.

Each chapter begins with an Overview, followed by Foundation Concepts that are critical success factors to understanding the material presented. The chapters also contain a Methodology section that explains the steps necessary to achieve the goals of the particular chapter.

Table of Contents

Foundation Concepts
Critical Skills
Consultative Sales Skills
Critical Knowledge
Understanding Your Business
Understanding Risk
Understanding Your Enterprise Differentiators      
Understanding Your Legal and Regulatory Environment    
Understanding Your Organizational Structure       
Understanding Your Organizational Dynamics     
Enterprise Culture         
Understanding your Enterprise’s View of Technology        
Assessment Methodology         
Identifying your Program’s Primary Driver
Why Are You Here?                  
Identifying your External Drivers              
Other External Drivers   
Identifying your Internal Drivers   
Assessment Checklist  
Foundation Concepts    
Critical Skills    
Strategic Planning         
Talent Assessment       
Critical Skills Summary 
Critical Knowledge        
ISC2 Common Body of Knowledge [CBK] 
Other Security Industry Resources         
Planning Methodology   
Understanding your Program’s Mandate              
Determining Your Program’s Structure    
Centralized vs. Decentralized     
Security Pipeline           
Size of Your Program    
Security Program Structure Summary     
Determining Your Program’s Staffing       
Planning Summary        
Planning Checklist        
Foundation Concepts    
Critical Skills    
Critical Knowledge        
Security Document Development
Project Portfolio Development     
Communication Plan Development          
Incorporating your Enterprise Drivers       
Gap Analysis    
Building Security Policies, Standards, Procedures, And Guidelines           
Build Security Documents Summary      
Building the Security Project Portfolio     
Annual Portfolio Review 
Build the Communication Plan               
Chapter Summary         
Design Checklist           
Foundation Concepts    
Critical Skills    
Critical Knowledge        
Project Execution         
Administrative Cleanup  
Chapter Summary         
Foundation Concepts    
Critical Skills    
Critical Knowledge        
Report Construction Process     
Determine Target Audience        
Delivery Mechanisms    
Chapter Summary         
The Final Phase         
Back To the Beginning  
Parting Thoughts           
Appendix A      Design Chapter Worksheets    
Appendix B      Report Creation Process Worksheet   
Appendix C      Requirements Sample
Appendix D      SDLC Checklist           
Appendix E      Recommended Reading         

View More



Mike Gentile is on a mission to change the status quo in Information Security as we know it. His goal is to translate the discipline from one that is often misunderstood, inefficiently applied, and painful to one that is seamless, collaborative, and repeatable in organizations across the globe. Delphiis is the encapsulation of this mission. Mike brings balance of business acumen and technical skill-set anchored by years in the field and his core focus over the past 15 years has been his practice, Coastline Consulting services. As the Founder and President, Coastline has developed enterprise security programs for countless leading public, private, and government organizations, including many within the Global 1000 and Fortune 500. During that time he also became Co-Founder and Editor for, the leading portal for security leaders. As a researcher, Mike has contributed numerous publications within the Information technology, project management, and security communities. He is also a senior researcher with Computer Economics in the Information Security domain and has written articles for the ISSA Journal, Computer Economics, RSA Conference and Secure World Expo.

As a writer he is the co-author of The CISO Handbook: A Practical Guide to Securing Your Company as well as CISO Soft Skills: Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives. The CISO Handbook is used as course material for numerous advanced education and Master’s programs on security leadership around the world. Mr. Gentile serves on multiple advisory boards, including being on the Board of Advisors for Savant, a malware protection company, as well an active member of the RSA Program Committee since 2009.

Mr. Gentile is a sought after speaker on security, project management, and information technology topics. For the last 3 years he has been a top rated speaker at RSA, the most prestigious security conference in the United states and has been keynote speaker for the CXO Summits conference series. He has also presented over the years for the Project Management Institute, Secure World Expo, ISSA, Symantec, and many more. Mike lives in Southern California with his wife Tiffany and their two boys.