Boards and business leaders expect their key advisors to deliver fresh insights, and increasingly expect them to demonstrate foresight. To achieve what is expected, it is crucial to understand the dynamics of conversations in the boardroom and around the audit committee table. This book provides those unique perspectives. The journey from the ‘mailroom to the boardroom’ follows the story of a young banker who moved into the internal auditing profession as part of the ‘new breed’, then rose through the ranks into senior leadership and chief audit executive roles, before assuming audit committee and board roles that had an immense influence on governance, risk, compliance, and audit professionals. Success does not always follow a smooth and uneventful trajectory, and this story reflects insights from both the ups and the downs of the journey. Each chapter shares insights, better practices, case studies, practical examples, and real-life challenges and draws them together into 101 building blocks, each one providing crucial career-long learnings. The storytelling provides insights to people at all levels on the importance of positioning oneself to step into leadership roles, helps them understand how to evaluate and pursue potential career growth opportunities, provides tips on how to holistically manage and advance their career, and inspires higher-level thinking that enhances governance, risk, compliance and audit practices.

Independent directors of corporate boards understand the importance of cyber security as a business issue. Increased regulatory requirements, the onslaught of breaches, as well as the replacement of the corporate network perimeter with more third-party partnerships have all contributed to cyber security rising to the top of enterprise risks. Yet, many directors only receive a few brief cyber security updates during the year. Moreover, many directors have devoted their careers to other important business disciplines and may not fully grasp the technical concepts of cyber security. The challenge is that many publications on board cyber security governance address the topic at such a high level that it removes the important context of the cyber security details—or covers the topic too deeply with hard-to-understand technical language. These resources may often provide lists of security questions for directors to ask of their management team, but they do not provide the answers to the questions so that actionable oversight can be performed. What I would have wanted, and why you are probably reading this book summary, is a resource that delivers the questions to ask but also provides the answers and in a narrative, easy-to-understand style. An award-winning Chief Information Security Officer with over two decades of working with multiple Fortune 500 boards, Lee Parrish provides an example-laden vision to improve cyber security governance in the boardroom. Additionally, Lee deciphers the technical jargon to increase the reader’s cyber fluency—not to make you a cyber expert but to help you be able to ask direct questions, understand the answers provided, challenge strategies, and advise on important cyber decisions. Pick up your copy of The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security today and start your journey on achieving more effective cyber security oversight. Want to learn more? Please visit www.novelsecurity.com

Leaders across the globe have a common challenge they cannot ignore: CHANGE. This must be embraced and effectively managed to remain relevant and successful in a dynamic operating environment. Embracing change, including technological innovations, collaboration, and timely sharing of information, is paramount to the survival and success of everyone in an ever-changing environment. In times of rapid change, organizations are often forced to adjust their strategic plans. Stakeholders usually need assistance to effectively manage the risks, unprecedented at times, and to capitalize on the opportunities that usually come with change. Change management must be effectively executed to assist in ensuring the viability of the organization. This book provides advice and guidance to assist stakeholders in navigating the challenges and demands of change. It includes insights, measures, and tools that have contributed to my success as a leader in the internal audit profession for 27 years.

In one modest-sized volume, this book offers three valuable sets of knowledge. First, it provides best practice guidance on virtually every large-scale task a modern manager may be involved in—from recruiting and hiring to onboarding and leading teams, and from employee engagement and retention to performance management and working with difficult employees. Second, it explains the essential concepts and practice of a range of effective leadership styles—including (but not limited to) servant leadership, crisis leadership, change agent leadership, and diversity and inclusion leadership. Third, it offers brief case studies from select CISOs and CSOs on how these management and leadership principles and practices play out in real-life workplace situations. The best practice essentials provided throughout this volume will empower aspiring leaders and also enable experienced managers to take their leadership to the next level. Many if not most CISOs and other leaders have had very little, if any, formal training in management and leadership. The select few that have such training usually obtained it through academic courses that take a theoretical, broad brush approach. In contrast, this book provides much actionable guidance in the nitty-gritty tasks that managers must do every day. Lack of management practical knowledge puts CISOs and CSOs at a disadvantage vis-a-vis other executives in the C-suite. They risk being pigeonholed as “security cops” rather than respected business leaders. Many articles on these subjects published in the press are too incomplete and filled with bad information. And combing through the few high-quality sources that are out there, such as Harvard Business Publishing, can take hundreds of dollars in magazine subscription and book purchase fees and weeks or months of reading time. This book puts all the essential information into your hands through a series of concise chapters authored by an award-winning writer.

"Ulf Mattsson leverages his decades of experience as a CTO and security expert to show how companies can achieve data compliance without sacrificing operability." Jim Ambrosini, CISSP, CRISC, Cybersecurity Consultant and Virtual CISO "Ulf Mattsson lays out not just the rationale for accountable data governance, he provides clear strategies and tactics that every business leader should know and put into practice. As individuals, citizens and employees, we should all take heart that following his sound thinking can provide us all with a better future." Richard Purcell, CEO Corporate Privacy Group and former Microsoft Chief Privacy Officer Many security experts excel at working with traditional technologies but fall apart in utilizing newer data privacy techniques to balance compliance requirements and the business utility of data. This book will help readers grow out of a siloed mentality and into an enterprise risk management approach to regulatory compliance and technical roles, including technical data privacy and security issues. The book uses practical lessons learned in applying real-life concepts and tools to help security leaders and their teams craft and implement strategies. These projects deal with a variety of use cases and data types. A common goal is to find the right balance between compliance, privacy requirements, and the business utility of data. This book reviews how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. It positions techniques like pseudonymization, anonymization, tokenization, homomorphic encryption, dynamic masking, and more. Topics include Trends and Evolution Best Practices, Roadmap, and Vision Zero Trust Architecture Applications, Privacy by Design, and APIs Machine Learning and Analytics Secure Multiparty Computing Blockchain and Data Lineage Hybrid Cloud, CASB, and SASE HSM, TPM, and Trusted Execution Environments Internet of Things Quantum Computing And much more!

Most people dread writing reports; they also dread reading reports. What they don’t realize is that the techniques that make writing more readable make it more powerful. This is especially relevant for professionals in areas such as audit, risk, compliance, and information security. This small volume provides the tools and techniques needed to improve reports. It does so through addressing crucial concepts all too often overlooked in the familiar rush to perform tasks, complete projects, and meet deadlines. These concepts – the role of culture in communication; the link between logic and language; the importance of organizing thoughts before writing; and how to achieve clarity – may seem academic or theoretical. They’re not. Unless writers understand their own thoughts, actions, and objectives, they cannot hope to communicate them at all – let alone clearly.

Auditing at the speed of risk requires internal auditors to rethink the way we work. Agile auditing provides a path forward that blends the best elements from agile project management and internal audit best practices. Leaders in internal audit are ready to incorporate an agile audit mindset in their departments, but most of the available resources provide theoretical ideas. Even when outside consultants lead an agile transition, the consultants primarily focus on adding agile ceremonies without addressing the fundamental mindset change required for an agile audit transformation. This book provides a practical guide for audit leaders to follow as a playbook for implementing agile across their department, impacting every facet of the audit lifecycle, and addressing the mental shift required for making a lasting change. Every chapter includes discussion questions to facilitate discourse or just to help you analyze your own department. Next, we look at a typical internal audit department as they attempt the transition from a traditional audit methodology to agile auditing so we can learn from their missteps and successes. The guidance in Agile Audit Transformation and Beyond includes the basics of agile auditing, practical directions for shifting each phase of the audit life cycle, common hurdles faced during the transition, and forward-looking thought leadership on expanding beyond internal audit into agile assurance.