- Cisco security exec: ‘Connected devices are creating 277 times more data than people are’
- WannaCry could have been worse – and still could be – as exploit shapes “new normal”
- The week in security: Global ransomware makes many CSOs WannaCry
- A day in the life of a threat researcher
- Miele has a patch for its hackable dishwasher, but a technician needs to install it
- 1 March 2012 09:33
McAfee Experts Launch Book to Help Security Obligated Executives
SANTA CLARA, Calif. – Feb. 29, 2012 –McAfee today announced the launch of Security Battleground: An Executive Field Manual, a book based on the authors security experience with large global corporations. Michael Fey, Brian Kenyon, Kevin Reardon, Bradon Rogers and Charles Ross have identified a group of individuals who increasingly find themselves responsible for ensuring that their enterprises are secure. The book was written for the Chief Information Officers (CIOs), Chief Information Security Officers (CISOs) and other C-level executives because they are all responsible for material threats to their enterprises, and today information security qualifies as one of the top material threats. Security Battleground provides the security obligated executive with guidance about the hard questions to ask when validating a security team’s strategic plan, its budget and its operations.
“Any top company or institution can suffer irreparable harm at the hands of cyber-attackers. Today it’s estimated that over 1 trillion dollars in damages can be attributed to this battle – and this number is expected to skyrocket to over 5 trillion within the next 5 years alone,” said Michael Fey, senior vice president at McAfee. “This is a battle that has turned into a war and is being fought unlike any other and this was the question that started our journey to write this book.”
Part I – Field Manual for the Battleground - Surveying the Battleground explains the origin of the book as a field manual written for a security-obligated executive who has accepted responsibility for overseeing the security organisation. The first section focuses on: • Assessing Mission Readiness shows how to assess the security team's maturity and encourage improvements in the team's approach to security threats and countermeasures. • Developing the Strategy provides an overview of the strategic planning process with a special emphasis on building a plan based on a foundation of clearly documented business risks and compliance obligations. This is the chapter that sets the expectation that security organisations should plan strategy just like any other line of business. Part II – Preparing for Battle – This section gives advice on methodology for gathering information, analysis, regulations and developing a strategic security plan. • Recognising and Capturing Risk reveals the authors' methodology for gathering key business information. An exercise called Riches, Ruins & Regulations is the centerpiece. • Performing Threat Analysis explains how the security team methodically marries business risk to vulnerabilities and threats. • Adhering to Regulations addresses the issues of regulatory compliance, which is another form of business risk. Failure to pass a compliance audit can lead to fines and sanctions that can be as harmful as a hacker's attack. • Preparing the Strategic Plan shows how the building blocks fit together. Threats and compliance obligations are pitted against programs that provide controls (i.e., protection). Part III - Winning the War – This section gives practical information about budgets, measurement, crises, cooperation with other businesses and looking towards the future. • Funding the War is about the budget and the books approach is not traditional. While building a business case remains a fundamental building block, security budgeting inevitably depends on a forthright discussion with security-obligated executives as to what risks the company is willing to tolerate. • Measuring Success provides guidance about the use of security metrics to manage and optimise security operations. • Managing Crises is a proactive guide in preparing for the likely event that there will be a security breach. We identify four key steps beginning with containment and ending with remediation. • Aligning the Allies speaks to the need for security organisations to cultivate shared understandings within and outside the company. The traditional company boundaries have evolved and we focus on how to align resources to work in concert with trading partners toward the shared goal of strong security. • Future Proofing is a look to the security horizon with an emphasis on anticipating the next generation of threats. In this chapter we focus discussion on current trends such as cloud computing, virtualised processing and storage systems and the consumerisation of IT. Security Battleground: An Executive Field Manual was designed to provide a primer to help executives better understand their roles and obligations with respect to information security. The principles outlined in this book will continue to evolve over time, much like the security battleground itself.
Book Availability Security Battleground: An Executive Field Manual is available on Amazon.com. All proceeds from the book will be going to a veteran's charity.
About McAfee McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com ### Note: McAfee, the McAfee logo and are registered trademarks or trademarks of McAfee, Inc., or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. ©2012 McAfee, Inc. All rights reserved.
- 22 Experts Share How to Communicate Security Program Effectiveness to Upper Management : Download Now
- Network Professionals Survey with Computerworld Australia Enter this survey and you could WIN one (1) of two (2) Microsoft Surface Pro 4 128GB Tablet valued at AU$999 each. *Terms & Conditions Apply
- Advanced endpoint protection test report : Download Now
- Everything You Need to Know About Cyber Threats But Were Too Afraid To Ask: Download Now
- Translating Security Leadership into Board Value : Download Now
- Emerging Cyber Threat Summit | Cybersecurity strategy for business leaders in the digital age | 6-8 June | Sydney | Get the agenda
- Security Exhibition & Conference | Intelligent Strategies for Australia’s Security Industry 26-28 July 2017 | ICC Sydney, Darling Harbour | Find out more
- GitHub sets up a developer tools store, releases GraphQL API
- Google’s Firebase taps serverless Cloud Functions
- How Google’s cloud is ushering in a new era of SQL databases
- Microsoft does enterprise no favours when it won't explain Windows 10's schedule
- Oracle has a plan to make Java 9 migration easier
- Report: Programmatic video advertising held back by expertise
- Nine partners with LiveRamp to boost audience targeting capabilities
- Does your brand look like garbage to your customers?
- CMO to CEO: Think Brick chief reveals what it takes to make the jump
- CMO's top 8 martech stories for the week - 18 May 2017