Doing Security


Book Description

Despite the growing interest in security amongst governments, organizations and the general public, the provision of much security is substandard. This book explores the problems facing security, and sets out innovative proposals to enhance the effectiveness of security in society, at national and organizational levels.




Private Military and Security Companies


Book Description

This book’s primary concern is the application of International Humanitarian Law and International Human Rights Law in addressing the business conduct of Private Military and Security Companies (PMSCs) during armed conflicts, as well as state responsibility for human rights violations and current attempts at international regulation. The book discusses four interconnected themes. First, it differentiates private contractors from mercenaries, presenting an historical overview of private violence. Second, it situates PMSCs’ employees under the legal status of civilian or combatant in accordance with the Third and Fourth Geneva Conventions of 1949. It then investigates the existing law on state responsibility and what sort of responsibility companies and their employees can face. Finally, the book explores current developments on regulation within the industry, on national, regional and international levels. These themes are connected by the argument that, in order to find gaps in the existing laws, it is necessary to establish what they are, what law is applicable and what further developments are needed.




Fuelling Insecurity


Book Description

Known as ‘the land of fire’, Azerbaijan’s politics are materially and ideologically shaped by energy. In the country, energy security emerges as a mix of coercion and control, requiring widespread military and law enforcement deployment. This book examines the extensive network of security professionals and the wide range of practices that have spread in Azerbaijan’s energy sector. It unpacks the interactions of state, supra‐state, and private security organizations and argues that energy security has enabled and normalized a coercive way of exercising power. This study shows that oppressive energy security practices lead to multiple forms of abuse and poor energy policies.




The Security Leader’s Communication Playbook


Book Description

This book is for cybersecurity leaders across all industries and organizations. It is intended to bridge the gap between the data center and the board room. This book examines the multitude of communication challenges that CISOs are faced with every day and provides practical tools to identify your audience, tailor your message and master the art of communicating. Poor communication is one of the top reasons that CISOs fail in their roles. By taking the step to work on your communication and soft skills (the two go hand-in-hand), you will hopefully never join their ranks. This is not a “communication theory” book. It provides just enough practical skills and techniques for security leaders to get the job done. Learn fundamental communication skills and how to apply them to day-to-day challenges like communicating with your peers, your team, business leaders and the board of directors. Learn how to produce meaningful metrics and communicate before, during and after an incident. Regardless of your role in Tech, you will find something of value somewhere along the way in this book.




Interview Questions and Answers


Book Description




The Security Risk Assessment Handbook


Book Description

Conducted properly, information security risk assessments provide managers with the feedback needed to manage risk through the understanding of threats to corporate assets, determination of current control vulnerabilities, and appropriate safeguards selection. Performed incorrectly, they can provide the false sense of security that allows potential threats to develop into disastrous losses of proprietary information, capital, and corporate value. Picking up where its bestselling predecessors left off, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Third Edition gives you detailed instruction on how to conduct a security risk assessment effectively and efficiently, supplying wide-ranging coverage that includes security risk analysis, mitigation, and risk assessment reporting. The third edition has expanded coverage of essential topics, such as threat analysis, data gathering, risk analysis, and risk assessment methods, and added coverage of new topics essential for current assessment projects (e.g., cloud security, supply chain management, and security risk assessment methods). This handbook walks you through the process of conducting an effective security assessment, and it provides the tools, methods, and up-to-date understanding you need to select the security measures best suited to your organization. Trusted to assess security for small companies, leading organizations, and government agencies, including the CIA, NSA, and NATO, Douglas J. Landoll unveils the little-known tips, tricks, and techniques used by savvy security professionals in the field. 
It includes features on how to: better negotiate the scope and rigor of security assessments; effectively interface with security assessment teams; gain an improved understanding of final report recommendations; and deliver insightful comments on draft reports. This edition includes detailed guidance on gathering data and analyzes over 200 administrative, technical, and physical controls using the RIIOT data gathering method; introduces the RIIOT FRAME (risk assessment method), including hundreds of tables, over 70 new diagrams and figures, and over 80 exercises; and provides a detailed analysis of many of the popular security risk assessment methods in use today. The companion website (infosecurityrisk.com) provides downloads for checklists, spreadsheets, figures, and tools.







United States Policy in the Far East


Book Description




Building a Comprehensive IT Security Program


Book Description

This book explains the ongoing war between private business and cyber criminals, state-sponsored attackers, terrorists, and hacktivist groups. Further, it explores the risks posed by trusted employees that put critical information at risk through malice, negligence, or simply making a mistake. It clarifies the historical context of the current situation as it relates to cybersecurity, the challenges facing private business, and the fundamental changes organizations can make to better protect themselves. The problems we face are difficult, but they are not hopeless. Cybercrime continues to grow at an astounding rate. With constant coverage of cyber-attacks in the media, there is no shortage of awareness of increasing threats. Budgets have increased and executives are implementing stronger defenses. Nonetheless, breaches continue to increase in frequency and scope. Building a Comprehensive IT Security Program shares why organizations continue to fail to secure their critical information assets and explains the internal and external adversaries facing organizations today. This book supplies the necessary knowledge and skills to protect organizations better in the future by implementing a comprehensive approach to security. Jeremy Wittkop’s security expertise and critical experience provide insights into topics such as: Who is attempting to steal information and why? What are critical information assets? How are effective programs built? How is stolen information capitalized? How do we shift the paradigm to better protect our organizations? How can we make the cyber world safer for everyone to do business?