Change Is Needed
Foundation
What ESORMA is and is not
Every Business Has A CISO
Where to start?
Learn While βDoingβ
This Quick Start Guide Is Here For You
Continuing Professional Education
Practical And Pragmatic
The Common Problem
Loose Frameworks Are More Adaptable
Is Security A Cost? An Enabler? Or Profit Centre?
The ESORMA Membership
Wait Thereβs More!
What Alternatives Are There?
The Well-Architected GRC Framework
The Key Domains
ESORMA Summary
ESORMA Domain #1: Scope
How scoping is done
Categorisation:
Classification
Tools
The Information Asset Register
Geo-Mapping Tool
Information Flow Map
Fishbone Diagram
Case Study
Summary
Domain #1: Scope Questionnaire
ESORMA Domain #2: Priority
Two Ways To Measure Risk
Human Risk Factors
Key Tools
Job Rotation
Job Segregation
Key Risk Stages
Threats and Vulnerabilities
Risk Assessment & Prioritisation
The Five Major Components of Quantitative Risk Analysis
How To Calculate Risk
How To Invest In Safeguards Efficiently
Associated Safeguard Costs
Risk Registers
Case Study
FREE Bonus Chapter Resource
Summary
Domain #2: Priority Questionnaire
ESORMA Domain #3: Evaluate
Business Impact Analysis
The objective of the BIA is to help you in several areas:
Timing
Priority
The Benefits of Using A Form Driven Approach
Understanding Through Interviews
Business Procedures
Information Systems
Real Assets
RISK Appetite
Genuine Business Benefits
Impact Statements
Timing
Risk Treatment
Risk Acceptance Framework
FREE Bonus Chapter Resource
Summary
Domain #3: Evaluate Questionnaire
ESORMA Domain #4: Enable
Tools
Risk Communication
Risk Awareness Checklist
Documentation
Compliance
The PDCA: PLAN - DO - CHECK - ACT Walk through.
Resource Management
Controls
Summary
Domain #4: Enable Questionnaire
ESORMA Domain #5: Harden
Pre-Planning
Clarity
Capability
Disasters Happen
Business Continuity and Disaster Recovery (BC/DRP)
Business Continuity Management Lifecycle
Disaster Recovery
Disaster Recovery Plan Lifecycle
BCM/DRP Objectives
Summary
Domain #5: Harden Questionnaire
ESORMA Domain #6: Monitor
How monitoring is conducted
Strategy
Programme
Analysis
Response
Tools & Walk-through
SIEM
Continuous audit module
Manual audit logs
Heartbeat monitoring
Penetration Testing
Control objective evaluation
Summary
Domain #6: Monitor Questionnaire
ESORMA Domain #7: Operations
What is the alternative to a SOC?
Good security is invisible.
The Who ?
The How ?
The What ?
Tools
Case Studies
Summary
Domain #7: Operations Questionnaire
ESORMA Domain #8: Comply
Geographic locations
Contractual obligations
Organisational principles
Optional standards
How compliance is done
Compliance Tools
UCF (Unified controls framework)
CCM from the CSA
ESORMA GRC
Case Studies
Summary
Domain #8: Comply Questionnaire
EPILOGUE
The Book Plan
The ESORMA Platform
Introducing The Authors
Mustafa Ahmed
David White
Special Thanks
Finally