Secure Reads: The Executive Guide to Information Security - Information Security Magazine

The Executive Guide to Information Security: Threats, Challenges, and Solutions
By Mark Egan with Tim Mather
268 pages, $34.99
Symantec Press

Shelves are overflowing with books that profess to guide CISOs through virtually any security challenge, from building an infosecurity organization from scratch to tightening existing security policies and processes. However, they're often inappropriate for C-level executives, who need concise, nontechnical, business-driven explanations of what information security really is, what's reasonable to expect from it and how their CISO is going to manage it. This is exactly what The Executive Guide to Information Security: Threats, Challenges, and Solutions delivers.

Mark Egan and Tim Mather have designed this book to follow a logical progression, starting with the "why" of security management: Why can't the IT department keep systems secure? What does security mean to our customers? How can it detract from (or enhance) our business? The book provides these answers in terms an executive will understand, using a combination of established management principles and simple analogies. Eschewing fear-mongering, the authors take more of a carrot than a stick approach, which suits the book's target audience well.

Having established this foundation, The Executive Guide to Information Security devotes the bulk of its pages to laying out a high-level road map for maintaining a comprehensive in-house security program. There's a lot of information here about building effective security teams, leveraging existing resources and running ongoing programs, but it's probably not enough to implement a plan. The emphasis isn't on how to establish the program, but on what to expect from a CISO and how to best support security.

The book is most appropriate for U.S.-based medium- to large-sized enterprises. Executives of small or foreign organizations should probably look elsewhere.

The Executive Guide to Information Security demands absolutely no previous technical or security background, but imparts a surprising amount of information without drowning the reader in a sea of jargon. This must-read book is a near-perfect executive summary of security challenges and practices, with an emphasis on the business and regulatory environment in which security operates.

This was first published in March 2005