How do you engage with your peers when they think you're there to stop them working?

Corporate information security is often hindered by a lack of adequate communication between the security team and the rest of the organisation. Information security affects the whole company and is a responsibility shared by all staff, so failing to obtain wider acceptance can endanger the security of the entire organisation. Many, however, consider information security a block rather than a benefit, and view security professionals with suspicion, if not outright hostility. As a security professional, how can you get broader buy-in from your colleagues?

Information Security: A Practical Guide addresses that issue by providing an overview of basic information security practices that will enable your security team to better engage with their peers to address the threats facing the organisation as a whole.

Product overview

Covering everything from your first day at work as an information security professional to developing and implementing enterprise-wide information security processes, Information Security: A Practical Guide explains the basics of information security, and how to explain them to management and others so that security risks can be appropriately addressed.

Topics covered include:

- How to understand the security culture of the organisation
- Getting to know the organisation and building relationships with key personnel
- How to identify gaps in the organisation's security set-up
- The impact of compromise on the organisation
- Identifying, categorising and prioritising risks
- The five levels of risk appetite and how to apply risk treatments via security controls
- Understanding the threats facing your organisation and how to communicate them
- How to raise security awareness and engage with specific peer groups
- System mapping and documentation (including control boundaries and where risks exist)
- The importance of conducting regular penetration testing and what to do with the results
- Information security policies and processes
- A standards-based approach to information security

If you're starting a new job as an information security professional, Information Security: A Practical Guide contains all you need to know.

About the author

Tom Mooney has over ten years' IT experience working with sensitive information. His current role is as a security risk advisor for the UK Government, where he works with project teams and the wider organisation to deliver key business systems securely. His key responsibility is to act as an intermediary between management and IT teams to ensure appropriate security controls are put in place. His extensive experience has led him to develop many skills and techniques for conversing with people who are not technical or information security experts, and many of these skills and techniques are found in this book. He has a BSc (Hons) in information and computer security, and is also a CESG certified professional.