The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

Management

communicating with, 33–39

project, 108, 223–226

questions company managers should ask InfoSec professionals, 43–44

risk, 50, 108, 149–151, 183–185

Man-made/malicious threat agents, 55–66

Man-made/malicious threats, 48, 53, 54–55

Marketing yourself, 317–325

Matrix mapping, 123

Mentoring, 314

Metrics

analysis, 236–237

defined, 196

definition of InfoSec, 196–197

Metrics management, InfoSec

cost avoidance, 217–218

defined, 197–200

downsizing, 218–223

Education Awareness and Training Program (EATP), 133, 214–217

granting users access to systems, 205–206

noncompliance inquires and, 207–211

number of system users, 201–205

project management, 108, 223–226

security tests, 185–186, 211–214

uses for, 206–207

Mind of the Strategist, The (Ohmae), 33

Mission statements, 92, 107

MIS Training Institute (MISTI), 305

Motivation

man-made threat agents and, 59, 72–74

man-made threats and, 54

threat factors, 70–72