Bøger udgivet af Rothstein Publishing

When I was writing the first edition of this book, I knew that certain aspects of it would become dated owing to rapid changes in the cybersecurity industry, threat landscape and providers. Two years later I take full measure of all that has evolved in the cybersecurity world. Increasing zero-day attacks, growth of state-sponsored adversaries and consolidation of cybersecurity products and services all converged to shape where we are today. We have also witnessed some of the world's largest data breach events, increasingly destructive ransomware attacks and changes in legal and regulatory statutes.Aside from substantial updates of standards, source links and cybersecurity products here is what's new in the second edition: 50+ callout boxes highlighting cyberattacks and important resources. 60 self-study questions to hone your knowledge. 25 overviews of cybersecurity technologies. Expanded coverage of the intersection of cybersecurity and privacy. Expanded coverage of security training strategies. A new security talent development section. Discussion of cyber insurance policies. A new security testing strategies section. New adversary profiles. Expansion of attack surface discussion. Inclusion of new threat frameworks. Inclusion of a service management catalog. Introduction to emerging cybersecurity technologies. 17 powerful templates to document your cybersecurity program.I have always envisioned keeping this book regularly updated to ensure you would have a reliable cybersecurity reference source. I see this book as a forum to express my views on protecting assets and information. I also see it as a way to share what I learn through teaching Chief Information Security Officers (CISOs). Teaching affords me a platform to learn how some of the largest companies in the world address cybersecurity. I look forward to sharing future updates with you.

ASIS Book of The Year Runner Up. Selected by ASIS International, the world's largest community of security practitioners.In today's litigious business world, cyber-related matters could land you in court. As a computer security professional, you are protecting your data, but are you protecting your company? While you know industry standards and regulations, you may not be a legal expert. Fortunately, in a few hours of reading, rather than months of classroom study, Tari Schreider's Cybersecurity Law, Standards and Regulations (2nd Edition), lets you integrate legal issues into your security program.Tari Schreider, a board-certified information security practitioner with a criminal justice administration background, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity law. He says, "My nearly 40 years in the fields of cybersecurity, risk management, and disaster recovery have taught me some immutable truths. One of these truths is that failure to consider the law when developing a cybersecurity program results in a protective façade or false sense of security."In a friendly style, offering real-world business examples from his own experience supported by a wealth of court cases, Schreider covers the range of practical information you will need as you explore - and prepare to apply - cybersecurity law. His practical, easy-to-understand explanations help you to:Schreider takes you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and legal jurisdictions. Hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies. This book needs to be required reading before your next discussion with your corporate legal department.This new edition responds to the rapid changes in the cybersecurity industry, threat landscape and providers. It addresses the increasing risk of zero-day attacks, growth of state-sponsored adversaries and consolidation of cybersecurity products and services in addition to the substantial updates of standards, source links and cybersecurity products.

The book will help you to: Balance reputation protection and legal obligation during a crisis. Know why and how to apologize without increasing liability. Weigh legal and communications advice when a crisis strikes. Learn from original research which lets lawyers and communicators speak in their own words. Draw practical everyday lessons from real-world examples of conflict between lawyers and communicators. Navigate the legal and communication challenges of dealing with the media in a crisis. Motivate lawyers and communicators to work better together. Identify and avoid crucial areas of potential conflict from selected crisis case studies. Understand the essential difference between corporate responsibility and legal liability. Make decisions and do the right thing to protect your organization.This book is designed to provide hands-on, practical guidance for senior executives, lawyers and public relations professionals to navigate crises and to balance conflicting advice from lawyers and communication professionals while promoting open communication and protecting legal liability.The book includes a wide variety of global case studies and examples while analyzing how legal and communications advice was managed and the impact on reputation. Crisis Counsel also includes interviews with four of the leading global experts on crisis management and the conclusions of a focused, unique global survey of senior lawyers.

Is security management changing so fast that you can't keep up? Perhaps it seems like those traditional "best practices" in security no longer work? One answer might be that you need better best practices! In their new book, The Manager's Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security, two experienced professionals introduce ESRM. Their practical, organization-wide, integrated approach redefines the securing of an organization's people and assets from being task-based to being risk-based.In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM):"Enterprise security risk management is the application of fundamental risk principles to manage all security risks âˆ' whether information, cyber, physical security, asset management, or business continuity âˆ' in a comprehensive, holistic, all-encompassing approach."In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to: Differentiate between traditional, task-based management and strategic, risk-based management. See how adopting ESRM can lead to a more successful security program overall and enhance your own career. Prepare your security organization to adopt an ESRM methodology. Analyze and communicate risks and their root causes to all appropriate parties. Identify what elements are necessary for long-term success of your ESRM program. Ensure the proper governance of the security function in your enterprise. Explain the value of security and ESRM to executives using useful metrics and reports.Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome any blocks to acceptance as you design and roll out a new ESRM-based security program for your own workplace.

The book is intended for professionals like you. You have some familiarity with cause analysis projects, but you're looking for a simple and efficient cause investigation methodology - a more effective and insightful way of asking "why?"Follows the Cause Road Map. The author provides a comprehensive taxonomy for every cause investigation. Supporting his instructions with diagrams, charts, and real-world examples from companies like yours, he takes you step-by-step through planning, completing, and documenting your investigation: Chapter 1 helps you determine the level of effort that your investigation will require, assess the level of effort needed, and determine the rigor needed. Your investigation needs to be as risk-informed as possible Chapters 2 through 5 offer a new and innovative structure - rigorous yet intuitively easy to remember - to identify the underlying causes for the event (Cause Road Maps) and conduct the investigation. Chapter 6 introduces conceptual human performance models that will allow you to begin focusing on the human behaviors involved. Chapters 7 and 8 present you with methods, tools, and techniques for carefully interviewing personnel. Chapters 9 through 13 "put the pieces together," guiding you to analyze and model the event, determine corrective action, and document the investigations and findings.Free Interactive Cause Analysis Tool. To fully implement Rowe's Cause Road Map, you will need other tools to organize, analyze, and present the final results of your investigation. The author includes his downloadable Interactive Cause Analysis Tool - an easy-to-use tool in familiar spreadsheet format - free with your verified purchase of the book. The Interactive Cause Analysis Tool functions include: Help managing your cause investigation efforts. Providing supporting documentation for your report. Aiding in presenting the results. Structuring and sequencing of corrective action recommendations. Help assessing your organization's Safety Culture.Free Interactive Cause Analysis Tool. To fully implement Rowe's Cause Road Map, you will need other tools to organize, analyze, and present the final results of your investigation. The author includes his downloadable Interactive Cause Analysis Tool - an easy-to-use tool in familiar spreadsheet format - free with your verified purchase of the book. The Interactive Cause Analysis Tool functions include: Help managing your cause investigation efforts. Providing supporting documentation for your report. Aiding in presenting the results. Structuring and sequencing of corrective action recommendations. Help assessing your organization's Safety Culture."There are already many scientific tools to help us understand the physical causes for machine failures; the challenge now is to find a way of investigating human performance failure modes… humans are often a major source of slips, lapses, and mistakes." - Chester D. Rowe

Today's New Approach to Best Practices for Business Continuity After years of working with the traditional practices of business continuity (BC) - in project management, higher education, contingency planning, and disaster recovery - David Lindstedt and Mark Armour identified unworkable areas in many core practices of traditional BC. To address these issues, they created nine Adaptive BC principles, the foundation of this book: Deliver continuous value. Document only for mnemonics. Engage at many levels within the organization. Exercise for improvement, not for testing. Learn the business. Measure and benchmark. Obtain incremental direction from leadership. Omit the risk assessment and business impact analysis. Prepare for effects, not causes.Adaptive Business Continuity can improve your organization's recovery capabilities by ensuring continued delivery of services following an unexpected unavailability of people and/or resources. Transforms or eliminates many of the traditional best practices of the continuity planning industry. Moves the emphasis to proven practices and away from outdated and ineffectual conventional methods. Enhances your abilities to limit potential damage to your organization's brand, capital, functions, and revenue following an incident or disaster.The Structure of the BookThe chapters of this book proceed as an analogy, following the steps of rebuilding a house. Chapter 1: Demolition - The first step is to identify and remove of all the things that no longer properly belong in the kind of house you need - certain BC activities and products must be removed to provide the space we need to install something new. Chapter 2: Foundation - Provides a proper foundation for BC planning, an integrated theory of preparedness planning. Chapter 3: Framework - Outlines the individual steps, activities, and deliverables the practitioner creates in partnership with all levels of the organization. Chapter 4: Finishing - This narrative helps you envision what the Adaptive BC approach might look like in practice. In these fictional case studies, you will meet five practitioners as they implement Adaptive BC in their organizations. Chapter 5: Dwelling - Wraps up the book and offers a few thoughts on what the future of the BC industry might hold - including the promise of fun and innovation in your daily business continuity activities.Through a wealth of examples, diagrams, and real-world case studies, Lindstedt and Armour show you how you can execute the Adaptive BC framework in your own organization. You will: Recognize specific practices in traditional BC that may be problematic, outdated, or ineffective. Identify specific activities that you may wish to eliminate from your practice. Learn the capability and constraint model of recoverability. Understand how Adaptive BC can be effective in organizations with vastly different cultures and program maturity levels. See how to take the steps to implement Adaptive BC in your own organization. Think through some typical challenges and opportunities that may arise as you implement an Adaptive BC approach.As the authors take you through the steps of "building the house," you will see how Adaptive BC differs from traditional continuity planning and share the vision to create your own Adaptive BC programs and make needed changes within the profession.

­Cause Analysis Manual: Incident Investigation Method & Techniques, by Fred Forck - Rothstein Associates Inc.From 30+ years of experience as a performance improvement consultant, self-assessment team leader, and trainer, Fred Forck, CPT, understands what you need to get the job done. He leads you through a clear step-by-step process of root cause evaluation, quality improvement, and corrective action. Using these straightforward tools, you can avoid errors, increase reliability, enhance performance, and improve bottom-line results - while creating a resilient culture that avoids repeat failures. The key phases of this successful cause analysis include: Scoping the Problem Investigating the Factors Reconstructing the Story Establishing Contributing Factors Validating Underlying Factors Planning Corrective Actions Reporting LearningsAt each stage, Cause Analysis Manual: Incident Investigation Method and Techniques gives you a wealth of real-world examples, models, thought-provoking discussion questions, and ready-to-use checklists and forms.The author provides: references for further reading hundreds of illustrative figures, tables, and diagrams a full glossary of terms and acronyms professional indexYou know that identifying causes and preventing business-disrupting events isn't always easy. By following Fred Forck's proven steps you will be able to identify contributing factors, align organizational behaviors, take corrective action, and improve business performance!