Webinar: Information Security Management Overview
Webinar: Information Security Management Overview
Webinar Deck (PDF): Information Security Management Overview
February 1, 2018: Stan’s Guest: Bill Leider, Managing Partner, Axies Group
Webinar: Cybersecurity: Board Responsibilities. Board Leadership.
Webinar: Cybersecurity: Board Responsibilities. Board Leadership.
Webinar Deck (PDF): Cybersecurity: Board Responsibilities. Board Leadership.
September 5, 2019: Stan’s Guest: Bob Zukis, CEO and Founder, Digital Directors Network, Board Member, USC Marshall Professor, Forbes Contributor, xPwC Partner, Keynote Speaker
SecureTheVillage Webinar: The Information Security Management & Leadership Team
Webinar: The Information Security Management & Leadership Team
Webinar Deck (PDF): The Information Security Management & Leadership Team
March 1, 2018: Stan’s Guest: Dennis Duitch, CEO & Founder, Duitch Consulting Group
SecureTheVillage Webinar: The Great Reboot: Succeeding in a World of Catastrophic Risk and Opportunity – September 10th, 2020
Webinar: The Great Reboot
Stan’s Guest: Bob Zukis, CEO and Founder, Digital Directors Network, Board Member, USC Marshall Professor, Forbes Contributor, xPwC Partner, Keynote Speaker
Webinar: Embracing the New Mindset: Governing Your Business’s Cyber & Privacy Risk – August 13th, 2020
Webinar: Embracing the New Mindset: Governing Your Business’s Cyber & Privacy Risk
- George Usi, CEO, Omnistruct Inc, SecureTheVillage Board Member
- Jordan Fischer, CIPP-E, CIPP-US, CIPM, Co-Founder and Managing Partner at XPAN Law Group
WSJ PRO Cybersecurity Symposium – How to Protect Your Company Without Breaking the Bank, January 9, 2020
Event Recording: How to Protect Your Company Without Breaking the Bank
Dr. Stan Stahl, Founder of SecureTheVillage, President and Co-Founder of Citadel Information Group, Inc, recently acquired by top-100 CPA firm Miller Kaplan
Kiersten Todt, Managing Director, Cyber Readiness Institute;
Moderator: Kimberly S. Johnson, Editor, WSJ Professional Products, The Wall Street Journal
- Information Security Manager - The Information Security Manager [ISM] is the organization’s most-senior level person with management and leadership responsibility for information security. The ISM may also be called the Chief Information Security Officer, CISO. In mid-size and smaller organizations, the Information Security Management position is often not a full-time position. Thus the ISM will have other responsibilities, such as CFO, […]
- The NIST Framework — The Information Security Management Chain - Following the NIST Framework for Improving Critical Infrastructure Cybersecurity, managing the security of information hinges on five security management capabilities: Identify: what information needs to be protected and where it is located Protect: that information Detect: information attacks and other incidents Respond: to information attacks and other incidents, especially successful attacks Recover: from the incident, […]
- Team Mission, Goals, and Objectives - The Information Security Management & Leadership Team is responsible for managing the organization’s risk-based Information Security Management Program, designed to protect the confidentiality, integrity, and availability of the organization’s information. This article outlines it's objectives, function, and membership.
- Team Membership, Chair, and Meetings - Team Membership Team Selection: The Chief Executive and the Information Security Manager (ISM) identify the team members. Selection Criteria: Given the above Mission, Goals and Objectives, the team needs to include members at an executive level of authority. The team also must be sufficiently broad so that all staff and vendors are in a management […]
- The Objective of Information Security Management - Overview of the objectives of Information Security Management
- Team Operations - Get Started Initial Team Training. Implement information security management policies and standards. Provide basic awareness training to staff. Conduct an Information Security Risk Assessment. Develop Findings and Recommendations. Develop the Initial Action Plan Develop an Initial Action Plan based on the Findings and Recommendations of the Information Security Risk Assessment. What’s to be done in […]
- Team Authority, Accountability, and Governance - Team Authority In coordination with the Chief Executive, the Team has the authority to establish information security policies, standards and other materials and to hold staff accountable for compliance. In coordination with the Chief Financial Officer, the Team has the authority to establish budgets, commit resources and direct expenditure of organizational resources. Accountability and Governance […]
- A Few Quotes about High Performance Teams - Trust is knowing that when a team member does push you, they’re doing it because they care about the team. … Patrick Lencioni Talent wins games, but teamwork and intelligence wins championships. … Michael Jordan Coming together is a beginning. Keeping together is progress. Working together is success. … Henry Ford Perfection is not attainable, […]
- Information Security Management — Seven Critical Success Strategies - Critical points for understanding effective information security management and success.
- A Few Quotes about Information Security and Privacy - Distrust and Caution Are the Parents of Security … Benjamin Franklin The secret of success lies in managing risk, not avoiding it. … Merryle Rukeyser, Financial Journalist / Educator The number one thing at the Board level and CEO level is to take cybersecurity as seriously as you take business operations and financial operations. It’s […]
Cybersecurity: Surviving the Growing Cyber Tsunami. What the Executive Must do. Stan Stahl, SecureTheVillage President, Presentation to Vistage Executive Summit, September, 2018.
- 1-sheet summary handout for the Executive.
- 1-sheet summary handout for the Information Security Management & Leadership Team.
Boards Acknowledge Need to Better Manage Cyber Risk as the Consequences of a Breach Climb. A short video summarizing analysis of 5,000 Board Members in over 60 countries. Harvard Business Review
Cyber Crime, Cyber Security – and YOU: Cyber crime is technological climate change. … Becoming cyber secure requires cultural adaptability – only the CEO can lead that effort. Bill Leider, Axies Group. SecureTheVillage Leadership Council, September 21, 2017
CFOs Don’t Worry Enough About Cyber Risk: Every executive team and board of directors is asking themselves the same question in regard to their cyber risk right now: what can we do differently to avoid being the next Equifax, Yahoo! or Target, and protect our shareholder value? Harvard Business Review, December 2017.
Cybersecurity And The Board’s Responsibilities — ‘What’s Reasonable Has Changed’:Michael Yaeger focuses his practice on white collar criminal defense and investigations, securities enforcement, internal investigations, accounting fraud, cybercrime/cybersecurity and data security matters, as well as related civil litigation. Yaeger also leads internal investigation and cybercrime-related representations for financial services companies and provides guidance on drafting written information security plans and incident response plans for investment advisers. Forbes, April 2018
- Small Business Information Security: The Fundamentals . The guide from the National Institute of Standards and Technology (NIST) is written for small-business owners not experienced in cybersecurity and explains basic steps they can take to better protect their information systems.
- Protecting Personal Information: A Guide for Business — Federal Trade Commission (FTC)
- Start with Security: A Guide for Business; Lessons Learned from FTC Cases — Federal Trade Commission (FTC)
- Cybersecurity for Small Businesses, Small Business Administration Learning Center
- Cybersecurity Basics for the Work From Home Economy, California Lawyers Association (CLA)
Information Security and Governance Management Overviews
- The Citadel Way to Information Security Management … A Management Guide, Citadel Information Group
- Cybersecurity for middle market companies (5-minute video with transcript) — Robert Braun, Michael Gold; Cybersecurity and Privacy Law Group; Jeffer Mangels Butler & Mitchell
- Hacker stories: Case studies — Insights for the C-Suite. Target. Sony. Wendy’s and more — Presentation to SecureTheVillage Pasadena Roundtable, July 2016, Stan Stahl, Citadel Information Group
Illustrative Compliance Requirements
- HIPAA HITECH: The Security Rule. The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
- Cybersecurity requirements for financial services companies, Information security management requirements from the New York State Department of Financial Services (DFS), 2017.
Deeper Looks at Information Security Management
- ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements: ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information risks (called ‘information security risks’ in the standard). The ISMS is an overarching management framework through which the organization identifies, analyzes and addresses its information risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts – an important aspect in such a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to, say, PCI-DSS.
- NIST Cybersecurity Framework: The NIST Cybersecurity Framework provides a framework for how organizations can assess and improve their ability to prevent, detect, respond to, and recover from cyber attacks.
- California Data Breach Report, February 2016 — A good source for CA information security laws and regulations. The report provides a summary of 20 specific controls that the California Attorney General describes as “a minimum level of information security that all organizations that collect or maintain personal information should meet.” Former California Attorney General, Kamala Harris, asserts in the report that “failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.”
Creating a Cybersecurity culture
- Beyond Information Security Awareness Training: It’s Time to Change the Culture, Stan Stahl, Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause, Auerbach, 2006
The Compelling Case For The CISO As Change Agent
- CISO Desk Reference Guide Volume 1, 2nd Edition: A Practical Guide for CISOs, Bill Bonney, Gary Hayslip, Matt Stamper, 2019
- CISO Desk Reference Guide Volume 2: A Practical Guide for CISOs, Bill Bonney, Gary Hayslip, Matt Stamper, 2018
- The New IQ: Leading Up, Down, and Across Using Innovative Questions, Chris Coffey and David Lam, 2015
- The Five Dysfunctions of a Team: A Leadership Fable, Patrick Lencioni, 2002
- The Ideal Team Player: How to Recognize and Cultivate the Three Essential Virtues, Patrick Lencioni, 2016