Part III

Winning the War consists of specific security team tasks and responsibilities.

Chapter 8 Funding the War
This is about the budget and our approach is not traditional. While building a business case remains a fundamental building block, security budgeting inevitably depends on a forthright discussion with security-obligated executives as to what risks the company is willing to tolerate.

Supporting Materials:

Chapter 9 Measuring Success
Provides guidance about the use of security metrics to manage and optimize security operations. There are a multitude of potential metrics and our emphasis is in choosing the most useful ones and reporting their values regularly and in an informative style.

Supporting Materials

Chapter 10 Managing Crises
This is a proactive guide in preparing for the likely event that there will be a security breach. We identify four key steps beginning with containment and ending with remediation. We recommend identifying resources such as law enforcement specialists in advance.

Supporting Materials

Chapter 11 Aligning the Allies
Speaks to the need for security organizations to cultivate shared understandings within and outside the company. The traditional company boundaries have evolved and we focus on how to align resources to work in concert with trading partners toward the shared goal of strong security.

Supporting Materials

Chapter 12 Future Proofing
Looks to the security horizon with an emphasis on anticipating the next generation of threats. History demands that we link emerging information technologies with emerging threats. We focus the discussion on current trends such as cloud computing, virtualized processing and storage systems, and the consumerization of IT.

Supporting Materials