Follow step-by-step guidance to craft a successful security program. You will identify with the
paradoxes of information security and discover handy tools that hook security controls into
business processes. Information security is more than configuring firewalls, removing viruses,
hacking machines, or setting passwords. Creating and promoting a successful security program
requires skills in organizational consulting, diplomacy, change management, risk analysis, and
out-of-the-box thinking.

What You Will Learn:

Build a security program that will fit neatly into an organization and change dynamically both
to suit the needs of the organization and to survive constantly changing threats

Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001

Calibrate the scope and customize security controls to fit into an organization's culture

Implement the most challenging processes, pointing out common pitfalls and distractions

Frame security and risk issues to be clear and actionable so that decision makers, technical
personnel, and users will listen and value your advice

Who This Book Is For:

IT professionals moving into the security field; new security managers, directors, project
heads, and would-be CISOs; and security specialists from other disciplines moving into
information security (e.g., former military security professionals, law enforcement
professionals, and physical security professionals)