This book establishes the business case for setting up an enduring IT security awareness program for use in training IT professionals and IT security professionals. This book details an IT security process for establishing and maintaining common security protections for the confidentiality, availability, and integrity of company information. The IT security process is applied to a series of real-world scenarios in terms of common security controls to protect company information. IT security involves understanding the challenges and managing the corresponding risks. Risk management involves asset management, security vulnerabilities, security threats, risk identification, risk mitigation, and security controls. The authors provide a pragmatic approach to balancing affordable IT security protection and risk. Readers will learn: IT Security Awareness-Exemplified in five IT security scenarios describing how to protect information at home, while traveling, at work, as an executive, and internationally IT Security Mindset-Thinking like an IT security professional IT Risk Management Process-Identifying assets, risk management process that involves asset management, security vulnerabilities, security threats, risk identification, risk mitigation, and security controls Enduring IT Security-Implementing, measuring, and continually improve IT security program

FOREWORD ¿ 1 page ABOUT THE AUTHORS ¿ 1 page ACKNOWLEDGMENTS ¿ 1 page INTRODUCTION ¿ 2 pages What is this book about? Who should read this book? Why did the authors write this book? Organization of the book CHAPTERS Chapter 1¿Business Case (~15 pages) This chapter presents the business case for setting up an enduring IT security awareness and training program for use in training the employees of the company¿from IT users to career IT security professionals. This chapter introduces fundamental concepts and terms used throughout the book. Chapter 2¿IT Security Mind Set (~15 pages) This chapter presents thinking like an IT security professional to establish and maintain common security protections. Chapter 3¿IT Security Risk Management (~15 pages) This chapter presents a risk management process that involves asset management, security vulnerabilities, security threats, risk identification, risk mitigation, and security controls. Chapter 4¿IT Security Process (~15 pages) This chapter presents how to establish security scopes and select corresponding controls to protect the confidentiality, availability, and integrity of company information. Chapter 5¿IT Security Scenarios and Perspectives (~40 pages) This chapter presents how the Chapter 4 IT security process is applied to various scenarios. Each scenario will walk through a number of common security controls and apply the IT security process to identify how to protect company information. IT security at home IT security while traveling IT security at work IT security as an executive International IT security Chapter 6¿Planning IT Security Awareness and Training (~15 pages) This chapter presents practical guidance on how to write an IT Awareness and Training implementation plan. Chapter 7¿Implementing IT Security Awareness and Training Program(~15 pages) This chapter presents human issues related to bringing about enterprise-wide cultural change due to implementation of an IT Awareness and Training Program. Chapter 8¿Measuring IT Security Awareness and Training Program Implementation (~15 pages) This chapter presents practical guidance for measuring program implementation success and how to use the measurements to achieve awareness and training goals. Chapter 9¿Managing Continual Program Improvement (~15 pages) This chapter presents practical guidance for monitoring compliance, evaluating feedback and improving the program. Chapter 10¿Looking to the Future (~15 pages) This chapter presents a view of the evolving cybersecurity attacks as they become more capable and sophisticated. APPENDICES ¿ 10 pages GLOSSARY ¿ 3 pages BIBLIOGRAPHY ¿ 3 pages INDEX ¿ 4 pages