4/23/2012

The Executive Guide to Information Security: Threats, Challenges, and Solutions Review

A fun book on security for executives and managers? Unbelievable, you'd say? This one ("The Executive Guide to Information Security") comes pretty close.
On the down side, do not look at this book for technology coverage. An almost total lack of coverage of intrusion prevention, spyware, and spam, as well as some Symantec bias (understandable, considering the publisher), make this book much stronger on the policy, process and "big picture" coverage rather than on modern technical threats and countermeasures. Slightly confusing coverage of vulnerability management also falls in the same category. However, given the target audience of CEOs and CFOs, this is certainly excusable.
The book introduces the executives to basic security concepts such as "defense-in-depth", "people, process, technology", etc., and goes into details on using them for organizing security for their organizations.
I also appreciated the sections on planning and executing a security strategy and measuring security by using various included checklists and questionnaires. The 50-point security evaluation framework based on "best practices" was another valuable piece. The book also addresses one of the important questions of organizational security: in-house vs outsourced security.
Regulations and laws also occupy a significant part of the book. The coverage is high-level and provides few details, appropriate given the target audience. A section on future security was pretty insightful and enjoyable to read!
Overall, I think the book will be one of the first (and, so far, best) books about security for the "C-level" crowd.
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org


Click Here to see more reviews about: The Executive Guide to Information Security: Threats, Challenges, and Solutions

The book provides a pragmatic approach to evaluating security at a company and putting together an effective information security program. The book focuses on three key themes; People, Processes, and Technology and is organized according to the steps executives would follow in order to develop an information security program for their company. Key elements of the program include staffing this function at a company, putting the necessary internal processes in place, and implementing the appropriate technology. Business executives will find this book a good primer for understanding the key existing and future security issues, and for taking the necessary action to ensure the protection of their enterprise's information assets. The objective of this book is to provide a "short cut" for executives to learn more about information security and how it will affect their business in the future. An overview of information security concepts is provided, so they can be better prepared to evaluate how their company is addressing information security.
