“CISO Handbook — Practical Guide to Information Security for Business Execution”

riotaro okada
Jan 8, 2021

Release note:

On 20 January 2021, the “CISO Handbook — A Practical Guide to Information Security for Business Execution” (authored by the JNSA CISO Support Working Group) will be published.

While there are many good books on corporate security, this book is unique in focusing on a practical guide on what CISOs should do as a management team member. It is also an attempt to help the management team understand the value of the CISO and promote “what management should do with the CISO.”

CISO Handbook — A Practical Guide to Information Security for Business Execution
(Japanese only)

Author: JNSA CISO Support Working Group

Publisher: Gijutsu Hyoronsha (2021/1/20)
Release Date: 2021/1/20
Book (softcover): 400 pages
ISBN-10: 4297118351
ISBN-13: 978-4297118358

Abstract

This book is not just a collection of primary security practices. In fact, it has been a challenging topic for the authors. When we started writing the first document (Ver1.0beta) with Kono-san (now at Microsoft), we thought we could get it done in about three months. However, even though we thought we understood it as common sense in our field, many things were unclear and unstructured, and we could not proceed with the writing.

We set up the JNSA CISO Support Working Group, gaining more knowledge and power, and we published the CISO Handbook Ver1.0 beta in May 2018 after two and a half years of effort. During this time, the project was called the “Soba noodle shop delivery project” because we kept saying “it will be ready soon.”

The opportunity to publish the book through Gijutsu Hyoronsha enabled us to write this updated edition. The addition of new members to the JNSA CISO Support Working Group spurred us on to write it. After a little over a year (longer than planned due to the effects of the Corona disaster), we reorganized the first version and expanded it in more detail.

In other words, the book covers not only basic security measures but also business management, which is something technical people are often not very good at, and the transitions in incidents over time, to help the reader understand the history of security measures. As a result, the table of contents alone is 266 lines long, and the contents are 400 pages long, making it a rather heavy book.

Now that the book is complete, we can see some inadequacies and areas we would like to update. However, this book contributes to the discussion of what the CISO should do as a member of the management team in his or her field and provides a roadmap for implementing security measures. We also hope that CISOs who are relatively inexperienced in security, and the security specialists who support them, take this book as a map to guide their work.

The JNSA CISO Support Working Group will continue its activities in the future. The working group will continue to brush up this book and try to make it even better. We would also like to invite as many people as possible to join the working group and explore the discussion.

Acknowledgments

Last but not least, we would like to thank the many experts for their knowledge and advice, as well as their various experiences and opportunities. It would not have been possible to achieve this level of quality without the help of the authors.

We would like to thank them all again for their help.

JNSA CISO Support Working Group,
All authors of the CISO Handbook

riotaro okada

researcher, strategist. OWASP Japan lead. Asterisk Research, Inc.