Read this book to understand how:
The CISO (chief information security officer) has overall responsibility for corporate security strategy, but today’s CISO also needs to be in the business of managing information, not just securing it.
In its first edition, this book challenged security professionals to recognise that the serious and ever-changing nature of the security threats in 2011 demanded an organisation-wide strategic response, not just an automated reaction. It proposed that it was time for CISOs to transition from security coordinators to evangelists for risk management, while being technology innovators and trusted advisers to senior management.
In this updated edition, the security threat landscape has widened and the broadening of the CISO role has become a mandate for organisational survival. This book challenges and guides information security professionals to think about information security and risk management from the enterprise level, not just from the IT perspective.
Barry Kouns is a security and risk management expert with more than 25 years’ experience in information security consulting, risk assessment and quality management. He formed and operates SQM Advisors, LLC, an information security, risk assessment and IT service management firm that has led numerous organisations to ISO/IEC 27001:2013 certification. Barry co-founded Risk Based Security, Inc., a vulnerability intelligence and data breach analytics organisation that was acquired by Flashpoint in 2022.
Jake Kouns holds a Master of Business Administration with a concentration in information security from James Madison University. He holds a number of certifications including CISSP®, CISM®, CISA®, and CGEIT®. Jake co-founded Risk Based Security, Inc., and is currently the Chief Innovation Officer at Flashpoint. He is well known for his presentations at security conferences including RSA, CISO Executive Summit, EntNet IEEE GLOBECOM, CanSecWest, and SyScan. Jake is also the co-founder of RVAsec, a Richmond, Virginia, information security conference that has grown to host more than 500 attendees. He is the co-author of Information Technology Risk Management in Enterprise Environments and has also been interviewed numerous times as an expert in the security industry.