
Welcome to Rothstein Publishing!


A Crash Course in Data Breach Readiness

Incident Response Plans and Security Breaches: A study released by IBM and the Ponemon Institute found that 77% of businesses worldwide do not have a consistent incident response plan for data breaches. These corporations rely solely on informal or department-specific damage-control strategies. Even more troubling, nearly half of the organizations surveyed characterized their incident…


Security Budgets and the Risk Tolerance Question

We’ve all been there. It’s annual budget time and we are told that belts are tightening and we have to cut costs. Where does the finance organization look first for savings, and what is their risk tolerance? That’s right… to the functions within the organization that do not contribute directly to the bottom line. So what’s a security professional to do when you are already operating a lean organization, protecting your company’s assets the best you can, and still being asked to perform better with fewer resources? In this article, Rachelle Loyear discusses a few options for helping you meet the financial pressures of the organization while not going outside of the risk tolerances set by your management team.


Information Security Policies, Roles, Responsibilities Made Easy: SPECIAL OFFER

Information Security Policies Made Easy is the “gold standard” information security policy template library, with over 1500 pre-written information security policies covering over 200 security topics. Based on the 25-year consulting experience of Charles Cresson Wood, CISSP, CISA, it is the most widely used policy library in the world, with over 10,000 customers in 60 countries. Take the work out of creating, writing, and implementing security policies. Information Security Roles and Responsibilities Made Easy, by security expert Charles Cresson Wood, provides over 70 pre-written job descriptions, mission statements, and organization charts that you can easily customize for your own organization.


Cyber Security Risks: The Changing Risk and Liability Landscape

Cyber risks are fast-evolving, posing an ever-changing threat to businesses. Five years ago, cyber security risks ranked number 15 among the most important perils. According to the annual Allianz Risk Barometer, cyber security risks are now the second most important peril globally. But some of these risks remain underestimated, and negligence scenarios are also increasing.…


Creating a Culture of Cybersecurity

Even the best-made cybersecurity governance programs cannot predict every situation that should be guided by a principle or policy. At some point, you will have to rely on the employees of your organization to do the right thing. How do you train every employee to do the right thing every time? The answer is you cannot; no amount of training will accomplish this. What you must do is change the culture of cybersecurity over time so that doing the right thing becomes intuitive. Training will help, but it is not the sole answer.


Enterprise Security Risk Management (ESRM): Concepts & Applications

As a security professional, have you found that you and others in your company do not always define “security” the same way? Have security interests and business interests become misaligned? Brian Allen and Rachelle Loyear offer a NEW approach: Enterprise Security Risk Management (ESRM). By viewing security through a risk management lens, ESRM can help make you and your security program successful! Brian Allen and Rachelle Loyear show you step-by-step how Enterprise Security Risk Management (ESRM) applies fundamental risk principles to manage all security risks, based on years of practical experience and research. Whether risks you face are informational, cyber, physical security, asset management, or business continuity, all are included in the holistic, all-encompassing ESRM approach which will move you from task-based to risk-based security.


Is YOUR CyberSecurity Program Up to the Challenge?

What about the legal aspects of cybersecurity? ARE YOU AT RISK?

With critical information assets at risk, your company requires a state-of-the-art cybersecurity program. But how do you achieve the best possible program? Tari Schreider, in Building Effective Cybersecurity Programs: A Security Manager’s Handbook, lays out the step-by-step roadmap to follow as you build or enhance your cybersecurity program. Building Effective Cybersecurity Programs: A Security Manager’s Handbook is organized around the six main steps on the roadmap that will put your cybersecurity program in place:
  1. Design a Cybersecurity Program.
  2. Establish a Foundation of Governance.
  3. Build a Threat, Vulnerability Detection, and Intelligence Capability.
  4. Build a Cyber Risk Management Capability.
  5. Implement a Defense-in-Depth Strategy.
  6. Apply Service Management to Cybersecurity Programs.


Enterprise Security Risk Management: Concepts & Applications

As a security professional, have you found that you and others in your company do not always define “security” the same way? Perhaps security interests and business interests have become misaligned. Brian Allen and Rachelle Loyear offer a new approach: Enterprise Security Risk Management (ESRM). By viewing security through a risk management lens, ESRM can help make you and your security program successful. In their long-awaited book, based on years of practical experience and research, Brian Allen and Rachelle Loyear show you step-by-step how Enterprise Security Risk Management (ESRM) applies fundamental risk principles to manage all security risks. Whether the risks are informational, cyber, physical security, asset management, or business continuity, all are included in the holistic, all-encompassing ESRM approach which will move you from task-based to risk-based security.


Physical and Logical Security: Joining Forces to Manage your Enterprise Security Risk

Just a decade ago, as security professionals, we could talk reasonably about physical security and logical security requiring different approaches. Five years ago, we might have found ourselves having conversations about the blurring lines between the two types of security discipline, and could have easily pointed to aspects of both physical and logical security that…
