Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Governance Guidebook", Fred Cohen

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCISOGG.RVW 20051119 Governance Guidebook , Fred Cohen, 2005, 1-878109-34-0 %A Fred Cohen http://all.net %D 2005 %G 1-878109-34-0 %I ASP Press %O
    Message 1 of 1 , May 9, 2006
      BKCISOGG.RVW 20051119

      "Governance Guidebook", Fred Cohen, 2005, 1-878109-34-0
      %A Fred Cohen http://all.net
      %D 2005
      %G 1-878109-34-0
      %I ASP Press
      %O http://www.amazon.com/exec/obidos/ASIN/1878109340/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1878109340/robsladesin03-20
      %O Audience a+ Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 204 p.
      %T "Governance Guidebook"

      The very short section one of the Governance Guidebook explains that
      it is intended for the CISO (Chief Information Security Officer) of a
      large concern. Which is to say that the reader should be experienced
      in security and the management thereof. At that point one wonders
      what such a work would entail: presumably such a person would already
      know pretty much anything you could put into a book. This
      introduction then goes on to detail the organization of the guidebook.
      Section two is an overview of the structure of a security plan or
      protection strategy. It also notes that the illustrations in this
      section of the text are very busy and cluttered, but that careful
      study will make the situation clearer.

      All of this is true. This is definitely not your standard security
      textbook. It is extremely demanding of the reader, but will amply
      repay the effort put into using the volume. And I say "using," rather
      than merely "reading": this is a tome that requires application. Bed-
      time reading it is not.

      This is not a primer to be read quickly in one sitting. The
      illustrations are dense, and so is the text, but dense with meaning
      and import. This is a work to be worked through, a page or even a
      paragraph at a time. And then, when you are finished, work through it
      again. If you are a CISO it won't teach you anything--but it will
      remind you of things, practices, and procedures that have possibly
      been forgotten in the press of other urgencies. This volume becomes,
      therefore, an aide memoire for the strategic planning of information

      This is not to say that there are no details provided. Section three,
      entitled "Drill Down," provides greater depth to a number of the areas
      (one example is an intriguing use of the human life span to address
      personnel and human resources issues). The content does not deal with
      specific technical areas of security, but does provide a very solid
      overview of security management--or, if you prefer, governance.

      This is a handy and useful guide for those in the CISO position. It
      is destined to become well-thumbed, dirty, and dog-eared, over time.
      Those who are not yet into a CISO job will not recognize all of the
      value in its pages, yet. However, those who aspire to the calling
      would do well to get a start on learning from it.

      copyright Robert M. Slade, 2005 BKCISOGG.RVW 20051119

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Lately, the only thing keeping me from becoming a serial killer
      is my distaste for manual labor - Dilbert, 1/7/01
    Your message has been successfully submitted and would be delivered to recipients shortly.