Book Release Authored by Andersen Alumnus Bryan Kissinger: The Business-Minded
CISO: How to Organize, Evangelize, and Operate an Enterprise-wide IT Risk
Author: Bryan Kissinger PhD, Former Consultant in Andersen’s Technology Risk Consulting Practice, currently Vice President and CISO for Trace3.
Information technology (IT) risk and information security management are top of mind for corporate boards and senior business leaders. Continued intensity of cyber terrorism attacks, regulatory and compliance requirements, and customer privacy concerns are driving the need for a business-minded chief information security officer (CISO) to lead organizational efforts to protect critical infrastructure and sensitive data.
While most CISOs report administratively to the chief information officer (CIO), there is a growing realization that this key leadership role requires an individual with both strong technical experience and business acumen. A CISO must be able to both develop a practical program aligned with overall business goals and objectives and evangelize this plan with key stakeholders across the organization. The modern CISO cannot sit in a bunker somewhere in the IT operations center and expect to achieve buy-in and support for the activities required to operate a program. This book describes the thought process and specific activities a leader should consider as they interview for the IT risk/information security leader role, what they should do within their first 90 days, and how to organize, evangelize, and operate the program once they are into the job. It provides practical, tested strategies for designing your program and guidance to help you be successful long term. It is chock full of examples, case studies, and diagrams right out of real corporate information security programs. The Business-Minded Chief Information Security Officer is a handbook for success as you begin this important position within any company and can be ordered on Amazon