CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers

Todd Fitzgerald, co-author of the ground-breaking (ISC)² CISO Leadership: Essential Principles for Success, Information Security Governance Simplified: From the Boardroom to the Keyboard, co-author for the E-C Council CISO Body of Knowledge, and contributor to many others including Official (ISC)² Guide to the CISSP CBK, COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamental Certification, is back with this new book incorporating practical experience in leading, building, and sustaining an information security/cybersecurity program.

CISO COMPASS includes personal, pragmatic perspectives and lessons learned of over 75 award-winning CISOs, security leaders, professional association leaders, and cybersecurity standard setters who have fought the tough battle. Todd has also, for the first time, adapted the McKinsey 7S framework (strategy, structure, systems, shared values, staff, skills and style) for organizational effectiveness to the practice of leading cybersecurity to structure the content to ensure comprehensive coverage by the CISO and security leaders to key issues impacting the delivery of the cybersecurity strategy and demonstrate to the Board of Directors due diligence. The insights will assist the security leader to create programs appreciated and supported by the organization, capable of industry/ peer award-winning recognition, enhance cybersecurity maturity, gain confidence by senior management, and avoid pitfalls.

The book is a comprehensive, soup-to-nuts book enabling security leaders to effectively protect information assets and build award-winning programs by covering topics such as developing cybersecurity strategy, emerging trends and technologies, cybersecurity organization structure and reporting models, leveraging current incidents, security control frameworks, risk management, laws and regulations, data protection and privacy, meaningful policies and procedures, multi-generational workforce team dynamics, soft skills, and communicating with the Board of Directors and executive management. The book is valuable to current and future security leaders as a valuable resource and an integral part of any college program for information/ cybersecurity.

Todd Fitzgerald，這本新書結合了他在領導、建立和維護資訊安全/網路安全計畫方面的實際經驗。他是開創性的合著者，包括《(ISC)2 CISO Leadership: Essential Principles for Success》、《Information Security Governance Simplified: From the Boardroom to the Keyboard》、《E-C Council CISO Body of Knowledge》等，並為其他許多書籍做出貢獻，包括《Official (ISC)2 Guide to the CISSP CBK》、《COBIT 5 for Information Security》和《ISACA CSX Cybersecurity Fundamental Certification》。

《CISO COMPASS》包含了超過75位屢獲殊榮的CISO、安全領導者、專業協會領導者和網路安全標準制定者的個人、實用觀點和經驗教訓。Todd還首次將麥肯錫7S框架（策略、結構、系統、共享價值觀、人員、技能和風格）適應於領導網路安全的實踐，以確保CISO和安全領導者全面涵蓋影響網路安全策略交付的關鍵問題，並向董事會展示盡職調查。這些見解將幫助安全領導者創建組織所讚賞和支持的計畫，能夠獲得業界/同行的獎項認可，提升網路安全成熟度，贏得高層管理的信心，並避免陷阱。

這本書是一本全面的指南，讓安全領導者能夠有效保護資訊資產並建立屢獲殊榮的計畫。內容涵蓋了開發網路安全策略、新興趨勢和技術、網路安全組織結構和報告模型、利用當前事件、安全控制框架、風險管理、法律和法規、資料保護和隱私、有意義的政策和程序、多代人的團隊動態、軟技能以及與董事會和高層管理層的溝通。這本書對現任和未來的安全領導者來說是一個寶貴的資源，也是任何資訊/網路安全學程的重要組成部分。