In this updated edition, the security threat landscape has widened and the challenge for CISOs to be more than just security coordinators has become a mandate for organizational survival. This book challenges and guides information security professionals to think about information security and risk management from the enterprise level, and not just from the IT perspective. Read this book and understand how: The CISO’s role can improve an organization’s cyber strategy. An enterprise’s view of information security, business continuity, compliance, safety, and physical security is crucial for the success of your organisation’s cyber security defense. Soft skills are crucial in order for the CISO to communicate effectively with the Board and other departments in the organisation. Standards such as ISO 27001:2022 can help your organisation implement a suitable ISMS (information security management system). Risk management is imperative to identify, analyze, evaluate and protect the organization’s assets.

• Cover
• Title Page
• Copyright Page
• Foreword
• Preface
• About The Authors
• Acknowledgments
• Contents
• Introduction
  • Chapter 1: The nature of the CISO role
  • Chapter 2: The traditional CISO job description
  • Chapter 3: The changing CISO role
  • Chapter 4: The new CISO’s toolbox
  • Chapter 5: Risk management
  • Chapter 6: The Information Security Management System
  • Chapter 7: CISO survival
  • Chapter 8: Summary – You become what you think about
• Chapter 1: The nature of the CISO Role
  • The beginning
  • Forever increasing threats
  • Challenges
  • The satisfaction
• Chapter 2: The traditional CISO job description
• Chapter 3: The changing CISO role
  • Today’s CISO – Enlightened leader
  • Holistic security
• Chapter 4: The new CISO’s toolbox
  • How do we start the shift?
  • What actions can you take today?
• Chapter 5: Risk management
  • What does ISO/IEC 27001:2022 have to say about risk assessment?
  • Risk treatment plans
  • ISO 31000:2018: Risk management – Principles and guidelines
  • Risk management principles according to ISO 31000:2018
  • Risk management – The heart of information security
• Chapter 6: The Information Security Management System
  • Elements of an Information Security Management System
  • Key processes within an Information Security Management System
  • The case for ISO/IEC 27001:2022 certification
• Chapter 7: CISO survival
  • A solid foundation
  • Your strategy to survive and prosper
• Chapter 8: Summary – You become what you think about
  • What do great CISOs think about today?
  • Protecting our greatest assets
  • What will great CISOs think about tomorrow?
  • How do you start thinking about the right things?
• Further reading