As organizations struggle to implement effective security measures, all too often they focus solely on the tangible elements, such as developing security policies or risk management implementations. While these items are very important, they are only half of the equation necessary to ensure security success.
CISO Soft Skills: Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives
presents tools that empower security practitioners to identify the intangible negative influencers of security that plague most organizations, and provides techniques to identify, minimize, and overcome these pitfalls.
The book begins by explaining how using the wrong criteria to measure security can result in a claim of adequate security when objective assessment demonstrates this not to be the case. The authors instead recommend that organizations measure the success of their efforts using a practical approach that illustrates both the tangible and intangible requirements needed by a healthy security effort.
The middle section discusses the root causes that negatively influence both a CISO and an organization’s ability to truly secure itself. These root causes include:
Employee apathy
Employee myopia or tunnel vision
Employee primacy, often exhibited as office politics
The infancy of the information security discipline
These chapters explain what a CISO can do about these security constraints, providing numerous practical and actionable exercises, tools, and techniques to identify, limit, and compensate for the influence of security constraints in any type of organization.
The final chapters discuss some proactive techniques that CISOs can utilize to effectively secure challenging work environments. Reflecting the experience and solutions of those that are in the trenches of modern organizations, this volume provides practical ideas that can make a difference in the daily lives of security practitioners.