
Managing an Enterprise Cybersecurity Program

  • Scott E. Donaldson
  • Stanley G. Siegel
  • Chris K. Williams
  • Abdul Aslam

Abstract

Once the enterprise has its cybersecurity controls and capabilities, and can quantitatively assess its cybersecurity posture and operate its cybersecurity processes, it is time to engage with the business at a programmatic level and operate a comprehensive cybersecurity program. This chapter describes how the enterprise can use iterative assessments and prioritization to select, plan, resource, and execute progressive improvements to its cybersecurity posture. This cybersecurity program utilizes all of the management tools described in this book, including: (1) a framework for managing a cybersecurity program, (2) a quantitative method for assessing the program and identifying strengths and weaknesses, and (3) ongoing operations and cycles of improvements.

Keywords

Assessment Score; Functional Area; Risk Mitigation; Aggregate Score; Attack Scenario
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam 2015

Authors and Affiliations

  • Scott E. Donaldson (1)
  • Stanley G. Siegel (1)
  • Chris K. Williams (1)
  • Abdul Aslam (1)

  1. VA, United States
