Developing Cybersecurity Programs and Policies

Omar Santos


All the Knowledge You Need to Build Cybersecurity Programs and Policies That Work


Clearly presents best practices, governance frameworks, and key standards

Includes focused coverage of healthcare, finance, and PCI DSS compliance

An essential and invaluable guide for leaders, managers, and technical professionals


Today, cyberattacks can place entire organizations at risk. Cybersecurity can no longer be delegated to specialists: success requires everyone to work together, from leaders on down. Developing Cybersecurity Programs and Policies offers start-to-finish guidance for establishing effective cybersecurity in any organization. Drawing on more than 20 years of real-world experience, Omar Santos presents realistic best practices for defining policy and governance, ensuring compliance, and collaborating to harden the entire organization.


First, Santos shows how to develop workable cybersecurity policies and an effective framework for governing them. Next, he addresses risk management, asset management, and data loss prevention, showing how to align functions from HR to physical security. You’ll discover best practices for securing communications, operations, and access; acquiring, developing, and maintaining technology; and responding to incidents.


Santos concludes with detailed coverage of compliance in finance and healthcare, the crucial Payment Card Industry Data Security Standard (PCI DSS), and the NIST Cybersecurity Framework.


Whatever your current responsibilities, this guide will help you plan, manage, and lead cybersecurity, and safeguard all the assets that matter.


Learn How To

- Establish cybersecurity policies and governance that serve your organization’s needs
- Integrate cybersecurity program components into a coherent framework for action
- Assess, prioritize, and manage security risk throughout the organization
- Manage assets and prevent data loss
- Work with HR to address human factors in cybersecurity
- Harden your facilities and physical environment
- Design effective policies for securing communications, operations, and access
- Strengthen security throughout the information systems lifecycle
- Plan for quick, effective incident response and ensure business continuity
- Comply with rigorous regulations in finance and healthcare
- Plan for PCI compliance to safely process payments
- Explore and apply the guidance provided by the NIST Cybersecurity Framework





Focused coverage of healthcare, finance, and PCI DSS compliance


Today, cyberattacks can put an entire organization at risk. Cybersecurity can no longer be delegated to specialists: success requires everyone to work together, from leaders down to frontline staff. Developing Cybersecurity Programs and Policies provides comprehensive guidance for establishing effective cybersecurity in any organization. Drawing on more than 20 years of hands-on experience, author Omar Santos presents realistic best practices for defining policy and governance, ensuring compliance, and collaborating to harden the security of the entire organization.


Santos concludes with detailed coverage of compliance in finance and healthcare, the key Payment Card Industry Data Security Standard (PCI DSS), and the NIST Cybersecurity Framework.



- Establish cybersecurity policies and governance that meet the organization’s needs
- Integrate cybersecurity program components into a unified framework for action
- Assess, prioritize, and manage security risk across the entire organization
- Manage assets and prevent data loss
- Work with human resources to address the human factors in cybersecurity
- Strengthen the security of facilities and the physical environment
- Design effective policies for protecting communications, operations, and access
- Strengthen security throughout the information systems lifecycle
- Plan for quick, effective incident response and ensure business continuity
- Comply with the strict regulations of the finance and healthcare sectors
- Plan for PCI compliance to process payments securely
- Explore and apply the guidance provided by the NIST Cybersecurity Framework