Contents
Acknowledgments ...............................................................................................................xv
Introduction ......................................................................................................................xvii
Preface ................................................................................................................................xxi
Authors ............................................................................................................................ xxiii
SECTION I STRATEGY
1 Strategy: An Introduction ............................................................................................3
Strategic Planning Essentials .............................................................................................. 3
Strategic Planning Process Evaluation ................................................................................ 5
Security Leadership Challenges.......................................................................................... 6
Getting Started .................................................................................................................. 7
Value Proposition ...................................................................................................... 8
Other Challenges for Security and Strategic Planning ....................................................... 8
When Strategic Planning Should Be Conducted ...............................................................10
Metaphor Analysis and Strategic Planning ........................................................................10
Strategic Planning as a Process .................................................................................13
Requirements for Successful Strategic Plans .............................................................14
Creating a Security Culture ...............................................................................................15
Security Continuum (Moving toward a Security Culture)................................................15
Conclusion ........................................................................................................................16
2 Getting to the Big Picture ..........................................................................................17
Background (Why Should Security Bother with Strategic Planning?) ...............................17
Menu of Strategic Planning Methods and Models ............................................................18
Which Strategic Planning Tools?...................................................................................... 20
What Are Security Plan Essentials? (Analysis, Planning, and Implementation) ................ 20
Learn the Big Picture of the Extended Enterprise.....................................................21
Include a High-Level Risk Assessment as Input .......................................................21
Link Your Strategic Plan to the Organization Strategic Plan ................................... 22
Develop Flexibility and Fluidity in Your Department ............................................. 22
When Should Strategic Planning Be Done? ...................................................................... 23
Six Keys to Successful Strategic Planning ......................................................................... 24
Simplicity ................................................................................................................ 24
Passion (Emotional Energy) and Speed of Planning and Adapting ..........................25
Connection to Core Values ..................................................................................... 26
Core Competencies ................................................................................................. 27
Communication ...................................................................................................... 28
Implementation....................................................................................................... 29
Myths about Strategic Planning ....................................................................................... 30
Barriers to Strategic Planning ............................................................................................31
Pushing through to the Next Level of Strategic Breakthrough (Inside/Outside Organizational Input/Output) ...................................................................................31
Going Slow to Go Faster, or Don't Just Do Something, Sit There (Honing Organizational Strategic Planning Skills) ................................................................ 32
Think Ahead, Act Now ........................................................................................... 32
Strategic Business Principles and Workplace Politics ............................................... 32
Looking for Niches, Voids, Under-Your-Nose Advantages ........................................33
Overcoming Negative Perceptions of Security ...................................................................33
Averse to Outsourcing............................................................................................. 34
Reluctant to Change Quickly ................................................................................. 34
Stovepiped Organization Out of Touch with Business Realities .............................. 34
Always Looking for the Next Magic Technology Bullet ...........................................35
Promises, Promises You Can’t Keep.........................................................................35
Developing Strategic Thinking Skills ................................................................................35
Create Time for Thinking ....................................................................................... 36
Scan ........................................................................................................................ 36
Inquire .................................................................................................................... 37
Focus Long Distance/Practice Short Distance ......................................................... 37
Anticipate ............................................................................................................... 38
Communicate ......................................................................................................... 38
Evaluate .................................................................................................................. 38
Practice Flexibility ................................................................................................... 39
Conclusion ....................................................................................................................... 40
3 Testing the Consumer .................................................................................................41
Introduction......................................................................................................................41
Defining the Consumer Buckets ...................................................................................... 42
What Historic Issues Are We Trying to Resolve or Avoid? ....................................... 42
What Are the Challenges? ....................................................................................... 43
Customer Relationship Management (CRM).......................................................... 43
Customer Value Management (CVM) .................................................................... 44
When Should You Collect Consumer Data?.............................................................45
Quick Customer Assessment ............................................................................................ 46
Managing Key Internal Relationships ..................................................................... 46
Conducting Face-to-Face Interviews ........................................................................47
Guidelines for How to Solicit Feedback ...................................................................47
Designing Customer Feedback Surveys............................................................................ 48
Online Survey Guidelines ....................................................................................... 49
Focus Group Guidelines ......................................................................................... 49
Deploying a Survey .......................................................................................................... 50
Measuring Customer Satisfaction Results ........................................................................ 50
Integration of Consumer Data ......................................................................................... 50
Conclusion ........................................................................................................................52
4 Strategic Framework (Inputs to Strategic Planning) ..................................................53
Introduction......................................................................................................................53
Environmental Scan ......................................................................................................... 54
Regulations and Legal Environment .................................................................................55
Industry Standards........................................................................................................... 56
Marketplace—Customer Base ............................................................................................59
Organizational Culture .................................................................................................... 60
National and International Requirements (Political and Economic) ..................................61
Competitive Intelligence .................................................................................................. 62
Business Intelligence ........................................................................................................ 63
Technical Environment and Culture ................................................................................ 63
Business Drivers ................................................................................................................65
Business Drivers for the Enterprise .......................................................................... 66
Additional Environmental Scan Resources ........................................................................67
Scenario Planning ............................................................................................................ 68
Futurist Consultant Services ............................................................................................ 69
Blue Ocean Strategy versus Red Ocean Strategy .............................................................. 70
Future (the Need to Be Forward Looking)....................................................................... 71
Conclusion ....................................................................................................................... 72
5 Developing a Strategic Planning Process ...................................................................73
Roles and Responsibilities .................................................................................................74
Process and Procedures .................................................................................................... 75
Get Ready to Plan for a Plan .............................................................................................76
Planning, Preparation, and Facilitation ............................................................................ 77
Building a Foundation for Strategy (High, Wide, and Deep) ........................................... 79
In the Beginning .............................................................................................................. 79
Vision, Mission, and Strategic Initiatives ................................................................. 80
Vision Statement ............................................................................................ 80
Mission Statement ..........................................................................................81
Strategic Initiatives ..........................................................................................81
Analysis................................................................................................................... 82
Strategy Formation (Goals, Measurable Objectives) ................................................ 83
Implementation (a Bias toward Action and Learning) ...................................................... 84
Keys to Success for the Implementation Stage of Strategic Planning ........................ 84
Feedback, Tracking, and Control ......................................................................................85
Completion ...................................................................................................................... 87
Best Strategies (Strategies That Work) .............................................................................. 87
Conclusion ....................................................................................................................... 88
6 Gates, Geeks, and Guards (Security Convergence).....................................................91
Introduction......................................................................................................................91
Terms and Definitions ............................................................................................ 93
Benefits of Security Convergence ..................................................................................... 93
Cost Savings ........................................................................................................... 93
Improved Security and Risk Management .............................................................. 94
More Effective Event/Incident Management........................................................... 95
User Experience ...................................................................................................... 96
Regulatory Compliance .......................................................................................... 96
Improved Business Continuity Planning ................................................................. 96
Other Improvements............................................................................................... 97
Convergence Challenges .................................................................................................. 97
Success Factors ................................................................................................................. 98
Conclusion ....................................................................................................................... 99
SECTION II TACTICS
7 Tactics: An Introduction ...........................................................................................103
Tactical Framework .........................................................................................................103
Facilities—Physical Attack Scenarios .....................................................................104
IT Systems—Logical Attack Scenarios ..................................................................106
Objectives Identification .................................................................................................107
First Principles ................................................................................................................108
Observation Principle.............................................................................................108
Response Principle .................................................................................................109
Timeliness Principle ...............................................................................................109
Preparedness Principle............................................................................................110
Economy Principle .................................................................................................111
Maintenance of Reserves (Coverage) Principle .......................................................112
Redundancy Principle ............................................................................................113
Least Privilege Principle .........................................................................................114
Commonality Principle .......................................................................................... 115
Conclusion ......................................................................................................................116
8 Layer upon Layer (Defense in Depth) ......................................................................119
Introduction....................................................................................................................119
Defense-in-Depth Objectives Identification ....................................................................121
Information Environments............................................................................................. 122
Threats ........................................................................................................................... 122
Environmental Objectives .............................................................................................. 123
In-House Objectives ............................................................................................. 123
Limited and Controlled Boundary Access Points......................................... 123
Effective Logging, Detection, and Alerting Capabilities ...............................125
Operational Excellence for Security Controls .............................................. 126
Superior Personnel Supervision, Training, and Skills Management .............. 127
High Assurance Identity Management ......................................................... 127
Timely Incident Response and Resolution ................................................... 128
Shared-Risk Environments .....................................................................................129
Hosted Objectives ..................................................................................................129
Consumer Scenario .......................................................................................129
Provider Scenario ..........................................................................................132
Hybrid Objectives ................................................................................................. 136
Consumer Objectives ................................................................................... 136
Provider Objectives .......................................................................................139
Conclusion ......................................................................................................................141
9 Did You See That! (Observation) ..............................................................................143
Introduction....................................................................................................................143
Observation Objectives ...................................................................................................144
Observation Elements .....................................................................................................145
Reconnaissance ......................................................................................................145
Sentry ....................................................................................................................146
Physical Security ...........................................................................................146
IT Security....................................................................................................149
Alarming................................................................................................................152
Command..............................................................................................................154
Summary ...............................................................................................................155
Drivers and Benefits for Excellence in Observation .........................................................156
Observation Challenges ..................................................................................................157
Success Factors and Lessons Learned ..............................................................................158
Reconnaissance ......................................................................................................158
Surveillance............................................................................................................158
CCTV Surveillance Lessons Learned............................................................159
Physical Detectors Lessons Learned ..............................................................159
IT System Security.................................................................................................159
IT System Security Lessons Learned .............................................................159
Excellence in Observation Control Objectives................................................................160
Reconnaissance ...................................................................................................... 160
Surveillance............................................................................................................160
Event Detectors ......................................................................................................161
Pattern and Anomaly Detectors .............................................................................163
Conclusion ......................................................................................................................165
10 Trust but Verify (Accountability) ..............................................................................169
Introduction....................................................................................................................169
Unmatched Value of Accountability ................................................................................169
Comprehensive Accountability Challenges .....................................................................172
Identity Challenges ................................................................................................172
Audit Challenges....................................................................................................173
Best Uses for the Accountability Tactic ...........................................................................174
Comprehensive Accountability Identity Objectives .........................................................175
Identity Control Requirements for Accountability .................................................176
Domain and Local Account Management ....................................................176
Name Collision.............................................................................................176
Identity Retention ..................................................................................................178
Identity Verification ...............................................................................................179
Local System Accounts...........................................................................................180