Security Battleground an Executive Field Manual – Good Read!

Just read a fantastic new book called Security Battleground an Executive Field Manual. The book was given to me by a friend at McAfee. It was written by a group of folks at McAfee responsible for Technical Operations and Consulting.

Here is a quick synopsis of the book: Security has evolved from a tactical IT concern to a boardroom-level dilemma. This transition has challenged many executives who are now obligated to protect their organization’s critical assets. Security Battleground: An Executive Field Manual provides guidance to any executive who finds themselves shouldering oversight responsibility for information security. The Security Battleground team-of-authors designed this book to provide practical advice for security-obligated executives, that is, for business executives with or without formal backgrounds in security processes or technologies. Security Battleground provides ways in which executives can evaluate information security with a mix of examples, exercises, and lessons learned. The case studies and exercises are based on the authors’ extensive hands-on experience with security-obligated executives, Chief Information Security Officers (CISOs), and members of security teams.

All I can say is bravo to the authors of this book. I am a technical person and the one thing technical people do not always do well is interface with executives, whether that is during meetings or when trying to prove a point in a report. This book deals with areas like measuring an organization’s security maturity (and dealing with “shiny new ball syndrome”), strategic security planning, assessing risk in “plain English” and my favorite, how to measure success through metrics and reporting. The book provides some great examples and well laid out charts and diagrams to go with it.

They provide a code to allow you to access a digital version of the book along with some other great content such as example budget worksheets, PowerPoint presentations, whitepapers, etc.

This is definitely one of the top 10 books on my shelf. Although this is written by McAfee/Intel, there is no real advertising in the book and the book makes no reference to anything they sell; it is really a book about interfacing with the executive.

If you are interested in getting this book, and you don’t have a friend at McAfee to get you one, you can buy it on Amazon for $49.95. Some examples from the book – Riches, Ruins & Regulation — An Exercise to Recognize and Capture Security Risk and Developing a Security Strategy.

 

By Peter Morin (petermorin123@gmail.com)
