You know by now that your company could not survive without the Internet. Not in today’s market. You are either part of the digital economy or reliant upon it. With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager’s Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program.
Over 30+ years, Tari Schreider has designed and implemented cybersecurity programs throughout the world, helping hundreds of companies like yours. Building on that experience, he has created a clear roadmap that will allow the process to go more smoothly for you. Building Effective Cybersecurity Programs: A Security Manager’s Handbook is organized around the six main steps on the roadmap that will put your cybersecurity program in place:
- Design a Cybersecurity Program
- Establish a Foundation of Governance
- Build a Threat, Vulnerability Detection, and Intelligence Capability
- Build a Cyber Risk Management Capability
- Implement a Defense-in-Depth Strategy
- Apply Service Management to Cybersecurity Programs
Because Schreider has researched and analyzed over 150 cybersecurity architectures, frameworks, and models, he has saved you hundreds of hours of research. He sets you up for success by talking to you directly as a friend and colleague, using practical examples. His book helps you to:
- Identify the proper cybersecurity program roles and responsibilities.
- Classify assets and identify vulnerabilities.
- Define an effective cybersecurity governance foundation.
- Evaluate the top governance frameworks and models.
- Automate your governance program to make it more effective.
- Integrate security into your application development process.
- Apply defense-in-depth as a multi-dimensional strategy.
- Implement a service management approach to implementing countermeasures.
With this handbook, you can move forward confidently, trusting that Schreider is recommending the best components of a cybersecurity program for you. In addition, the book provides hundreds of citations and references that allow you to dig deeper as you explore specific topics relevant to your organization or your studies.
About the Author
Tari Schreider, SSCP, CISM, C|CISO, ITIL Foundation, is a distinguished technologist and nationally known expert in the fields of cybersecurity, risk management, and disaster recovery. Co-founder of Prescriptive Risk Solutions, LLC (PRS), he is former Chief Security Architect at Hewlett-Packard Enterprise. PRS designs custom solutions for companies with challenging legal and regulatory compliance issues that need to be solved quickly. PRS maintains one of the world’s largest databases of security and disaster recovery incidents with nearly 12,000 incidents covering 10.6 billion compromised records.
Mr. Schreider has designed and implemented complex cybersecurity programs including a red team penetration testing program for one of the largest oil and gas companies in the world, a NERC CIP compliance program for one of Canada’s largest electric utility companies, and an integrated security control management program for one of the US’ largest 911 systems. He has advised organizations from China to India on how to improve their cybersecurity programs through his Information Security Service Management – Reference Model (ISSM-RM). Schreider implemented a virtual Security Operations Center network with vSOCs located in the US, Brazil, Italy, Japan, Sweden, and the US. He was also responsible for creating the first Information Sharing and Analysis Center in collaboration with the Information Technology Association of America (IT-ISCA). His earliest disaster recovery experiences included assisting companies affected by the 1992 Los Angeles Rodney King Riots and the 1993 World Trade Center bombing. His unique experience came during the 1990 Gulf War, helping a New York financial institution recover after becoming separated from its data center in Kuwait.
Schreider has appeared on ABC News, CNN, CNBC, and NPR, and has had numerous articles printed in security and business magazines including Business Week, New York Times, SC Magazine, The Wall Street Journal, and many others.
He studied Criminal Justice at the College of Social & Behavioral Sciences at the University of Phoenix and holds the following certifications in security and disaster recovery:
- American College of Forensic Examiners, CHS-III
- Certified CISO (C|CISO)
- Certified Information Security Manager (CISM)
- ITIL™ v3 Foundation Certified
- System Security Certified Practitioner (SSCP)
- The Business Continuity Institute, MBCI
- University of Richmond – Master Certified Recovery Planner (MCRP)
Kristen Noakes-Fry, ABCI, is Executive Editor at Rothstein Publishing. Previously, she was a Research Director, Information Security and Risk Group, for Gartner, Inc.; Associate Editor at Datapro (McGraw-Hill); and Associate Professor of English at Atlantic Cape College in New Jersey. She holds an M.A. from New York University and a B.A. from Russell Sage College.