Building an Effective Security Program

This book establishes the business case for setting up an enduring IT security awareness program for use in training IT professionals and IT security professionals. This book details an IT security process for establishing and maintaining common security protections for the confidentiality, availability, and integrity of company information. The IT security process is applied to a series of real-world scenarios in terms of common security controls to protect company information. IT security involves understanding the challenges and managing the corresponding risks. Risk management involves asset management, security vulnerabilities, security threats, risk identification, risk mitigation, and security controls. The authors provide a pragmatic approach to balancing affordable IT security protection and risk. Readers will learn: IT Security Awareness—Exemplified in five IT security scenarios describing how to protect information at home, while traveling, at work, as an executive, and internationally IT Security Mindset—Thinking like an IT security professional IT Risk Management Process—Identifying assets, risk management process that involves asset management, security vulnerabilities, security threats, risk identification, risk mitigation, and security controls Enduring IT Security—Implementing, measuring, and continually improve IT security program