IT securiteers - The human and technical dimension working for the organisation.
Current corporate governance regulations and international standards lead many organisations, big and small, to the creation of an information technology (IT) security function in their organisational chart or to the acquisition of services from the IT security industry.
More often than desired, these teams are only useful for companies' executives to tick the corresponding box in a certification process, be it ISO, ITIL, PCI, etc. Many IT security teams do not provide business value to their company. They fail to really protect the organisation from the increasing number of threats targeting its information systems.
IT Security Management provides an insight into how to create and grow a team of passionate IT security professionals. We will call them "securiteers". They will add value to the business, improving the information security stance of organisations.
1 VULNERABILITIES, THREATS AND RISKS IN IT. Foundational Concepts. Information Risk Management Theory. Appetite for IT Risk: Let the Business Lead. Where to Focus: Business Value of IT Security. Link to MBA Management Models.
2 SECURITY AND IT BACKGROUND. Professional Outlook and Profiles for IT Security. Skills and Backgrounds for Team Members. Security Studies. Link to MBA Management Models.
3 THE TEAM-INDIVIDUAL CONTRACT. How to Create Win-Win Deals on the Team-Individual Contract. Behavioural Guidelines for Team Leaders. Resourcing the Team. Link to MBA Management Models.
4 WHAT TO DO: THE IT SECURITY ROADMAP. Founding Activities on Principles. Stock-Taking Exercise and Prioritisation. Provision of Security Services. Link to MBA Management Models.
5 HOW TO DO IT: ORGANISE THE WORK IN "BABY STEPS". Shaping the Daily Reality. Managing Expectations. Managing Activities. Link to MBA Management Models.
6 TEAM DYNAMICS: BUILDING A "HUMAN SYSTEM". The IT Security Paradox. Interaction Patterns Within the Team. Life Always Finds Its Way: Working in the Organisation. Team Member Development and Appraisal. Link to MBA Management Models. Link to Nature Management Models.
7 VIRAL MARKETING. Communication to Sell IT Security Services. From Raising Awareness to Marketing IT Security. Security Stories to Sell and Human Psychology Aspects. Link to MBA Management Models.
8 MANAGEMENT SUPPORT: AN INDISPENSABLE INGREDIENT. Executives in Organisations Need to Manage Risks of Different Nature. Two Risk Containers: Operational and Enterprise Risk Management. A Model to Understand Risks and a Decalogue to Work with Managers. Link to MBA Management Models.
9 SOCIAL NETWORKING FOR IT SECURITY PROFESSIONALS. Human Beings Are Social Beings. Networking Outside the Organisation. Networking for the Personal IT Security Brand. Link to MBA Management Models.
10 PRESENT, FUTURE AND BEAUTY OF IT SECURITY. The Present of IT Security. The Future of IT Security. The Beauty of IT Security. An Attractive Field to Work In. Link to MBA Management Models.
Annex 1. Example of an Information Security Test.
Annex 2. Security Incident News Example.
Annex 3. IT Security Starter Kit.
Index of MBA Models Referenced at the End of Every Chapter.
References.
Index.