The Chief Information Security Officer: Insights, Tools, and Survival Skills

The role of the Chief Information Security Officer has evolved enormously in recent years in response to security threats and a challenging business environment. Instead of being primarily a master technician, today's CISO has to be a trusted advisor to senior management. Read this pocket guide and ...

• Learn how the role of a CISO has changed.
• Today s CISO must be integrated into all aspects of the business and have a full understanding of its strategy and objectives.
• Understand the importance of a risk management methodology.
• A good risk management methodology must take into account the special information security needs of the company as well as legal and regulatory requirements.
• Learn how to establish a successful ISMS.

The guide explains how to design and implement an ISMS that is appropriate for the organization. It also describes the key management system processes that should be included in an ISMS.

Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.

About the Authors

Barry Kouns is a security and risk management expert with over 25 years of experience in information security consulting, risk assessment and quality management. Barry formed and operates SQM-Advisors, an information security, risk assessment and IT service management firm that has led eight organisations to ISO/IEC 27001:2005 certification. He is frequently quoted in magazines and news articles on information security and has held the position of Trainer for the British Standards Institute (BSI). He holds a BS in Statistics and an MS in Industrial Engineering Management. Barry has earned the CISSP designation and is a trained ISO/IEC/27001 Lead Auditor and ISMS Implementer, and is ITIL Foundation certified.

Jake Kouns has an MBA with a concentration in Information Security from James Madison University. He holds a number of certifications including CISSP, CISM, CISA and CGEIT. He is currently Director of Cyber Security and Technology Risks Underwriting for Markel Corporation, a specialty insurance company. He has presented at many well-known security conferences including RSA, CISO Executive Summit, EntNet IEEE GlobeCom, CanSecWest, and SyScan. He is the co-author of Information Technology Risk Management in Enterprise Environments, and has also been interviewed numerous times as an expert in the security industry. Jake is the co-founder, CEO, and CFO of the Open Security Foundation (OSF), a non-profit organisation that oversees the operations of the Open Source Vulnerbility Database (OSVDB.org) and DataLossDB.