This trend report provides security executives and practitioners with an overview of the benefits of using web-based applications and tools in the workplace and their security risks. Web-based applications are being used by businesses more and more each year for purposes of improved communication with employees and customers, group collaboration, and marketing and publicity outreach. The benefits of web-based applications for business are many, but so too are the risks associated with them. Data leakage, information manipulation, malware, and authentication security are just a few of the cyber threats discussed in this report. It is critical to weigh the pros and cons of implementing a web-based application in the workplace and plan accordingly to mitigate risk. This report is a valuable resource for any security professional who is considering the adoption of a web-based application for corporate use. The Benefits and Security Risks of Web-Based Applications for Business is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Provides security executives and practitioners with an overview of how companies have begun to adopt web-based applications and tools for employee use Describes the benefits of web-based applications and warns of the potential risks associated with their use in the workplace Includes practical recommendations to mitigate the risks of web-based applications
Nine Practices of the Successful Security Leader lays out a series of best practices for security managers. Collected from interviews with security leaders at public and private sector organizations, ranging from small- and mid-size all the way up to large international entities, these practices are a sampling of what is vital and what works. Recommendations such as close communication with management, alignment of security agendas with business goals, and creating internal awareness programs are just some of the effective initiatives detailed in the report. With this information, security professionals can gain insight into the practices of their peers, measure their own success, and mentor junior colleagues. Nine Practices of the Successful Security Leader is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Based on extensive interviews performed by the Security Executive Council with today’s top security leaders Summarizes the insights taken from these interviews into nine practical ideas Provides actionable advice and strategies for earning the respect and trust of senior management and colleagues
Developing a Comprehensive Security Program answers the question common among security managers, "What is a model security program, and how does our program compare to it?" In this seven-minute Proven Practices presentation, narrator Elizabeth Lancaster outlines the baseline elements of a security program, which have been defined by experienced Security Executive Council members and research. This presentation is not sector-specific--meaning it's applicable for all organizations and industries. In addition to the baseline security program elements, Lancaster also discusses business-aligned program elements, program characteristics, a program maturity model, and the skills and knowledge the security department needs to possess. Developing a Comprehensive Security Program may be used as a benchmark for existing programs and to educate senior management. It also provides a general understanding of the security function as it currently exists. Developing a Comprehensive Security Program is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. The seven-minute, visual PowerPoint presentation with audio narration format is excellent for group learning Information is drawn from the many years of collective knowledge and experience of the Security Executive Council community Identifies program characteristics and the knowledge areas and skills security leaders should possess
The International Security Programs Benchmark Report presents and analyzes the findings of a broad survey conducted by the Security Executive Council of corporate international security programs. The report identifies the types of international security baseline programs in place for a range of company sizes, and describes the organizational perception of security’s role and capability. The data suggest that international security programs are greatly affected by the company size and the location of the security department within the organization, whether as part of the executive, legal, or human resources function.Security leaders can gain valuable insights from this report regarding the scope of international security programs at key corporations with contextualized comparison points for evaluating their own programs.The International Security Programs Benchmark Report is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Summarizes the key points of a broad survey on international security programs conducted by the Security Executive Council Breaks down survey responses by company size and functional location of security within the organization Provides insight into other organizations’ existing international security programs and services
Crisis Management at the Speed of the Internet provides security executives and practitioners with an overview of the potentially harmful impact of social media communication on corporate reputation. Within minutes, the online consumer community can propel a company into an image crisis, brand damage, and a financial disaster—even if the viral information isn’t factual. It is critical that an organization respond quickly and decisively to crises in online media. The report explores examples of companies that have experienced this kind of impact, and describes practical, strategic methods for mitigating and resolving a crisis, including cross-functional team readiness and internal communications training. It is a valuable resource for any security professional working to create or improve an existing corporate crisis management policy. Crisis Management at the Speed of the Internet is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Provides security executives and practitioners with an overview of the potentially harmful impact of social media communication on corporate reputation Cites examples of companies that have experienced this kind of threat and describes the successes or failures of their responses Describes practical, strategic methods for mitigating and resolving a crisis
Bring Your Own Device (BYOD) to Work examines the emerging BYOD (Bring Your Own Device to work) trend in corporate IT. BYOD is the practice of employees bringing personally-owned mobile devices (e.g., smartphones, tablets, laptops) to the workplace, and using those devices to access company resources such as email, file servers, and databases. BYOD presents unique challenges in data privacy, confidentiality, security, productivity, and acceptable use that must be met proactively by information security professionals. This report provides solid background on the practice, original research on its pros and cons, and actionable recommendations for implementing a BYOD program. Successful programs are cross-functional efforts including information technology, human resources, finance, legal, security, and business operating teams. This report is a valuable resource to any security professional considering a BYOD program. Bring Your Own Device (BYOD) to Work is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Presents research data associated with BYOD and productivity in the workplace Describes BYOD challenges, risks, and liabilities Makes recommendations for the components a clearly communicated BYOD program should contain
This research report presents the findings of a broad survey of corporate security programs conducted by the Security Executive Council’s Security Leadership Research Institute (SLRI). The researchers' objective was to benchmark the state of the security industry in terms of organizational structure, budget, staff resources, board-level risk concerns, program drivers, and services provided. The level of responsibility each respondent reported for a list of 30 security programs or services is also compared across several organizational categories. This report can be used by security professionals for introspective analysis of the security team within their organizations, external review of the ways in which other organizations approach risk management, internal justification of security budgets and initiatives, and for performance metrics. Corporate Security Organizational Structure, Cost of Services and Staffing Benchmark is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Summarizes the key findings of a large survey on security programs conducted by the Security Executive Council’s Security Leadership Research Institute (SLRI) Breaks down survey responses by organization size, scope of responsibility, industry, and more in easy-to-read charts and tables Provides invaluable insight into other organizations’ existing security programs and services
The Business Continuity playbook provides the background and tools to create, manage, and execute all facets of an organization’s business continuity program (BCP). Business continuity planning is an activity performed daily by organizations of all types and sizes to ensure that critical business functions are available before, during, and after a crisis. This playbook guides the security leader through the development, implementation, and maintenance of a successful BCP. The text begins with a detailed description of the concept and value of business continuity planning, transitioning into a step-by-step guide to building or enhancing a BCP. Its 14 appendices, which include sample forms, templates, and definitions, make it an invaluable resource for business continuity planning. The Business Continuity playbook is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Answers the unavoidable question, "What is the business value of a business continuity program?" Breaks down a business continuity program into four major elements for better understanding and easier implementation Includes 14 appendices that provide sample forms, templates, and definitions for immediate adaptation in any business setting
Developing a Comprehensive Security Program answers the question common among security managers, "What is a model security program, and how does our program compare to it?" In this seven-minute Proven Practices presentation, narrator Elizabeth Lancaster outlines the baseline elements of a security program, which have been defined by experienced Security Executive Council members and research. This presentation is not sector-specific--meaning it's applicable for all organizations and industries. In addition to the baseline security program elements, Lancaster also discusses business-aligned program elements, program characteristics, a program maturity model, and the skills and knowledge the security department needs to possess. Developing a Comprehensive Security Program may be used as a benchmark for existing programs and to educate senior management. It also provides a general understanding of the security function as it currently exists. Developing a Comprehensive Security Program is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. The seven-minute, visual PowerPoint presentation with audio narration format is excellent for group learning Information is drawn from the many years of collective knowledge and experience of the Security Executive Council community Identifies program characteristics and the knowledge areas and skills security leaders should possess
The Business Continuity playbook provides the background and tools to create, manage, and execute all facets of an organization’s business continuity program (BCP). Business continuity planning is an activity performed daily by organizations of all types and sizes to ensure that critical business functions are available before, during, and after a crisis. This playbook guides the security leader through the development, implementation, and maintenance of a successful BCP. The text begins with a detailed description of the concept and value of business continuity planning, transitioning into a step-by-step guide to building or enhancing a BCP. Its 14 appendices, which include sample forms, templates, and definitions, make it an invaluable resource for business continuity planning. The Business Continuity playbook is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Answers the unavoidable question, "What is the business value of a business continuity program?" Breaks down a business continuity program into four major elements for better understanding and easier implementation Includes 14 appendices that provide sample forms, templates, and definitions for immediate adaptation in any business setting
Bring Your Own Device (BYOD) to Work examines the emerging BYOD (Bring Your Own Device to work) trend in corporate IT. BYOD is the practice of employees bringing personally-owned mobile devices (e.g., smartphones, tablets, laptops) to the workplace, and using those devices to access company resources such as email, file servers, and databases. BYOD presents unique challenges in data privacy, confidentiality, security, productivity, and acceptable use that must be met proactively by information security professionals. This report provides solid background on the practice, original research on its pros and cons, and actionable recommendations for implementing a BYOD program. Successful programs are cross-functional efforts including information technology, human resources, finance, legal, security, and business operating teams. This report is a valuable resource to any security professional considering a BYOD program. Bring Your Own Device (BYOD) to Work is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Presents research data associated with BYOD and productivity in the workplace Describes BYOD challenges, risks, and liabilities Makes recommendations for the components a clearly communicated BYOD program should contain
The International Security Programs Benchmark Report presents and analyzes the findings of a broad survey conducted by the Security Executive Council of corporate international security programs. The report identifies the types of international security baseline programs in place for a range of company sizes, and describes the organizational perception of security’s role and capability. The data suggest that international security programs are greatly affected by the company size and the location of the security department within the organization, whether as part of the executive, legal, or human resources function.Security leaders can gain valuable insights from this report regarding the scope of international security programs at key corporations with contextualized comparison points for evaluating their own programs.The International Security Programs Benchmark Report is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Summarizes the key points of a broad survey on international security programs conducted by the Security Executive Council Breaks down survey responses by company size and functional location of security within the organization Provides insight into other organizations’ existing international security programs and services
This trend report provides security executives and practitioners with an overview of the benefits of using web-based applications and tools in the workplace and their security risks. Web-based applications are being used by businesses more and more each year for purposes of improved communication with employees and customers, group collaboration, and marketing and publicity outreach. The benefits of web-based applications for business are many, but so too are the risks associated with them. Data leakage, information manipulation, malware, and authentication security are just a few of the cyber threats discussed in this report. It is critical to weigh the pros and cons of implementing a web-based application in the workplace and plan accordingly to mitigate risk. This report is a valuable resource for any security professional who is considering the adoption of a web-based application for corporate use. The Benefits and Security Risks of Web-Based Applications for Business is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Provides security executives and practitioners with an overview of how companies have begun to adopt web-based applications and tools for employee use Describes the benefits of web-based applications and warns of the potential risks associated with their use in the workplace Includes practical recommendations to mitigate the risks of web-based applications
This research report presents the findings of a broad survey of corporate security programs conducted by the Security Executive Council’s Security Leadership Research Institute (SLRI). The researchers' objective was to benchmark the state of the security industry in terms of organizational structure, budget, staff resources, board-level risk concerns, program drivers, and services provided. The level of responsibility each respondent reported for a list of 30 security programs or services is also compared across several organizational categories. This report can be used by security professionals for introspective analysis of the security team within their organizations, external review of the ways in which other organizations approach risk management, internal justification of security budgets and initiatives, and for performance metrics. Corporate Security Organizational Structure, Cost of Services and Staffing Benchmark is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Summarizes the key findings of a large survey on security programs conducted by the Security Executive Council’s Security Leadership Research Institute (SLRI) Breaks down survey responses by organization size, scope of responsibility, industry, and more in easy-to-read charts and tables Provides invaluable insight into other organizations’ existing security programs and services
Crisis Management at the Speed of the Internet provides security executives and practitioners with an overview of the potentially harmful impact of social media communication on corporate reputation. Within minutes, the online consumer community can propel a company into an image crisis, brand damage, and a financial disaster—even if the viral information isn’t factual. It is critical that an organization respond quickly and decisively to crises in online media. The report explores examples of companies that have experienced this kind of impact, and describes practical, strategic methods for mitigating and resolving a crisis, including cross-functional team readiness and internal communications training. It is a valuable resource for any security professional working to create or improve an existing corporate crisis management policy. Crisis Management at the Speed of the Internet is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Provides security executives and practitioners with an overview of the potentially harmful impact of social media communication on corporate reputation Cites examples of companies that have experienced this kind of threat and describes the successes or failures of their responses Describes practical, strategic methods for mitigating and resolving a crisis
Nine Practices of the Successful Security Leader lays out a series of best practices for security managers. Collected from interviews with security leaders at public and private sector organizations, ranging from small- and mid-size all the way up to large international entities, these practices are a sampling of what is vital and what works. Recommendations such as close communication with management, alignment of security agendas with business goals, and creating internal awareness programs are just some of the effective initiatives detailed in the report. With this information, security professionals can gain insight into the practices of their peers, measure their own success, and mentor junior colleagues. Nine Practices of the Successful Security Leader is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. Based on extensive interviews performed by the Security Executive Council with today’s top security leaders Summarizes the insights taken from these interviews into nine practical ideas Provides actionable advice and strategies for earning the respect and trust of senior management and colleagues
Thank you for visiting our website. Would you like to provide feedback on how we could improve your experience?
This site does not use any third party cookies with one exception — it uses cookies from Google to deliver its services and to analyze traffic.Learn More.