The Business-Minded CISCO: How to Organize, Evangelize, and Operate an Enterprise-wide IT Risk Management Program

This book describes the thought process and specific activities a leader should consider as they interview for the IT risk/information security leader role, what they should do within their first 90 days, and how to organize, evangelize, and operate the program once they are into the job.

Information technology (IT) risk and information security management are top of mind for corporate boards and senior business leaders. Continued intensity of cyber terrorism attacks, regulatory and compliance requirements, and customer privacy concerns are driving the need for a business-minded chief information security officer (CISO) to lead organizational efforts to protect critical infrastructure and sensitive data. A CISO must be able to both develop a practical program aligned with overall business goals and objectives and evangelize this plan with key stakeholders across the organization. The modern CISO cannot sit in a bunker somewhere in the IT operations center and expect to achieve buy in and support for the activities required to operate a program.

This book describes the thought process and specific activities a leader should consider as they interview for the IT risk/information security leader role, what they should do within their first 90 days, and how to organize, evangelize, and operate the program once they are into the job. It provides practical, tested strategies for designing your program and guidance to help you be successful long term. It is chock full of examples, case studies, and diagrams right out of real corporate information security programs. The Business-Minded Chief Information Security Officer is a handbook for success as you begin this important position within any company.

About the Author

Bryan Kissinger is a seasoned IT and security professional with over 20 years of experience in designing and implementing practical IT risk and information security solutions that drive business value. Prior to Trace3, he was the vice president and chief information security officer at a large integrated health system. He is known for his ability to rapidly mature IT risk and information security programs and quickly deliver on the implementation of emerging technologies to solve complex business issues. He has served as the information security leader and or CISO at multiple large health care organizations.