
REVIEW: "Security Governance", Fred Cohen

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Jan 31, 2007
      BKSECGOV.RVW 20061110

      "Security Governance", Fred Cohen, 2005, 1-878109-37-5
      %A Fred Cohen http://all.net
      %C 572 Leona Dr, Livermore, CA 94550
      %D 2005
      %G 1-878109-37-5
      %I Fred Cohen and Associates
      %O 925-454-0171 all.net
      %O http://www.amazon.com/exec/obidos/ASIN/1878109375/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1878109375/robsladesin03-20
      %O Audience a Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 96 p.
      %T "Security Governance: Business Operations, Risk Management, and
      Enterprise Security Architecture"

      Most of the security frameworks available are in the form of a
      checklist, so why shouldn't Cohen's CISO Toolkit (see also
      BKCISOGG.RVW for the "Governance Guidebook" and BKCISOHB.RVW for "The
      CISO Handbook") have one?

      In fact, Cohen's version may be considerably easier to understand and
      use, particularly for those with a business, rather than a security,
      background. While most security frameworks are structured according
      to a taxonomy of security concepts, the checklist in "Security
      Governance" is based on business models and concepts. For example,
      the four major divisions are made on the basis of business functions
      and modelling, oversight, business risk management, and enterprise
      security management. Therefore, the businessperson working through
      the points will start with the familiar, and only later have to face
      items directly discussing security. (Even then, the security issues
      are those regarding the position and management of security within the

      Regardless of other security frameworks that you may use, Cohen's
      checklist will be of value. While many items will have relations to
      details in other indices, the articles and entities in "Security
      Governance" address a number of issues that are not found in most
      security frameworks. Let's face it: regardless of the emphasis or
      perspective, security frameworks tend to follow the same general
      outline. Cohen's work is idiosyncratic--and, in this case, that's a
      useful characteristic.

      Also, most security frameworks give you a checklist of about 135 items
      for roughly U$150: Cohen gives you over 900 points for U$49.00.

      copyright Robert M. Slade, 2006 BKSECGOV.RVW 20061110

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      If all the world is a stage, where is the audience sitting?
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150