Book Overviews
Business Practical Security (The Manual)
Business Practical Security (The Security Architect)
Business Practical Security (Security Career Paths)
Welcome to the Business Practical Security Publications website. Are you the person or persons responsible for developing, implementing, maintaining, reassessing, or auditing your organization’s security program? Are you a member of a collegiate curriculum board, professor, instructor, or student requiring quality publications to add to your library for educational and reference purposes? If so, you have found key resources for developing, executing, and delivering on these important security projects and for use in educational purposes. Yes, there are many resources out there for you to use to develop, implement, and maintain an information security program to safeguard your information and computer assets. We recommend you evaluate and use those resources. Add the Business Practical Security Publications to your library of tools
The Business Practical Security Collection of Books outline and detail (A Proven Program & Business Model for Security). Included is a proven security framework and methodologies facilitating an Information Security Program.
Our program is currently in use by numerous organizations who have applied effective security controls with solid guidance to adjust and evolve security and risk management measures due to ever-changing business challenges.
Business Practical Security (The Manual)
The centerpiece of Business Practical Security Inc. is the Business Practical Security (The Manual) publication. Documented companywide security policies, standards, guidelines, and procedures are still and always will be the backbone or framework of an information security program. Without centralized security documentation, an information security program simply does not exist. (The Manual) is a template manual that has been used by our clients and ourselves to develop and implement information security programs for numerous organizations of every type. The following are a few examples:
| Financial | Legal | Medical | Government | Engineering | Manufacturing |
| Education | Religion | Nonprofits | Advertising | Broadcasting | Publishing |
For the most part the contents of the Business Practical Security Publications are not technology specific. However, they do dictate specific technology functionality and requirements. You must start from high level basics and work down. First, executive level mandates or requirements (policies) must be established. From there, security policies must be clearly defined and administered on an ongoing basis. You will find the integrated documentation defining the key elements of a successful information security program which includes:
- Documentation of Policies, Standards & Procedures
- Security Implementations, Reviews & Revisions
- Scheduled Security Testing & Auditing
- Formal Tracking & Executive Reporting
There are many information security policies, standards, procedures and template documentation packages or manuals from which to choose. We have evaluated and used many of them throughout the years. (The Manual) publication was developed, used, and evolved as a result. Therefore, it is a Proven Security Program & Business Model for Security. The diagram below illustrates the Business Practical Security Inc. program and business model depicting a series of processes, exercises, and/or testing requirements. In its entirety, it is a program and business model to apply security based on common and unique risks organizations face.
Business Practical Security (The Security Architect)
The author of the Business Practical Security (The Security Architect) publication (i.e., J. Brantley Briegel, Security Architect) provides you with real-world business scenarios, situations, template documentation and solutions for the challenges a security professional will face. He draws from his experience and history as a Security Architect detailing the learned strategies and approaches that are not necessarily covered in traditional textbook writings or educational classes.
His motivation for creating The Security Architect and other Business Practical Security Inc. publications is inspired by how much he personally would have benefited from publications such as these. At the time of this writing, he had never read any publications written by a Security Architect (e.g., experienced security manager/director/officer) outlining their experiences and providing insight based on those experiences.
Business Practical Security (Security Career Paths)
In this publication we discuss the various areas of discipline in the field and the numerous paths that lead a person to the level of a Subject Matter Expert in them.
You may already have a good understanding of the basic concepts and methodologies of an information security program. Regardless of the level of your understanding and/or experiences, this publication can be significantly valuable to you in several ways. The focus of the (Security Career Paths) is to outline and educate you on the business disciplines and areas of expertise necessary to become a Subject Matter Expert in the field of Information Security.
Achieving what would be considered a Subject Matter Expert in any field takes considerable time, formal education, historical research, study, and real-world application. This and other publications in the Business Practical Security Collection of Books will help you do just that.
Business Practical Security (Building a Successful Practice) – Coming Soon!
Using a combined fifty-plus years of experience, Michele Sperle and Brantley Briegel share their knowledge and experience on what it takes to build a successful security practice. Why walk into this without having the benefits of the history, experiences, insights, recommendations, and ideas of these veteran security professionals. The publication provides information on everything it takes to build successful security services, practices, and/or firms. It gives answers to questions and information such as:
- What are the minimum talents you must have to start a practice or firm?
- With that talent, what services can you provide?
- What are the funding options and opportunities that you need to make it happen?
- What kind of education, background, and experience must you have or build on?
- What partnering options should you consider?
- What are the Conflicts of Interests to avoid?
Business Practical Security (Guide & Handbook) – Coming Soon!
The Business Practical Security Inc. Collection of Books contain a wealth of knowledge and information that will prove extremely valuable to current and future security professions. The (Guide & Handbook) outlines the topics and categories in a fashion to assist instructors, teachers and/or professors to incorporate and/or customize their classes and training programs. The (Guide & Handbook) is equally as valuable for self-study application.
Business Practical Security (Incident Response) – Coming Soon!
Incident response planning is an integral element of an effective information security program. There are several levels and types of planning and activities related to incident response, incident monitoring, computer forensics and incident recovery. The (Incident Response) publication addresses this subject sharing lessons learned throughout the years of Business Practical Security Inc. experience.
Business Practical Security (Business Impact Assessment, Continuity & Disaster Recovery) – Coming Soon!
The Business Practical Security Inc. proven program and business model interfaces and intertwines with an organization’s business contingency planning initiatives. Backup and business resumption processes must be established based on formal business impact assessments performed in the business areas of the organization. The object of business impact assessments (BIAs) is to estimate the negative impact levels the organization would face should critical systems or information become unavailable. With the BIAs performed and information gathered, the organization can make informed decisions on their business continuity and disaster recovery plans.
Therefore, you will find a simple but effective business impact assessment procedure and form in Business Practical Security (The Manual). The administrative processes of an information flow risk assessment also included in (The Manual). Business impact assessment and information flow risk assessment are closely related to each other. This is because they focus on the same business functions or areas, although with different risk factors being evaluated.
In collaboration with Subject Matter Experts in the Business Contingency Planning field, Business Practical Security Inc. shares insight on security weakness surrounding the topic of business impact assessment, business continuity, and disaster recovery initiatives.
