REVIEW: "Security Governance", Fred Cohen
- BKSECGOV.RVW 20061110
"Security Governance", Fred Cohen, 2005, 1-878109-37-5
%A Fred Cohen http://all.net
%C 572 Leona Dr, Livermore, CA 94550
%I Fred Cohen and Associates
%O 925-454-0171 all.net
%O Audience a Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 96 p.
%T "Security Governance: Business Operations, Risk Management, and
Enterprise Security Architecture"
Most of the security frameworks available are in the form of a
checklist, so why shouldn't Cohen's CISO Toolkit (see also
BKCISOGG.RVW for the "Governance Guidebook" and BKCISOHB.RVW for "The
CISO Handbook") have one?

In fact, Cohen's version may be considerably easier to understand and
use, particularly for those with a business, rather than a security,
background. While most security frameworks are structured according
to a taxonomy of security concepts, the checklist in "Security
Governance" is based on business models and concepts. For example,
the four major divisions are made on the basis of business functions
and modelling, oversight, business risk management, and enterprise
security management. Therefore, the businessperson working through
the points will start with the familiar, and only later have to face
items directly discussing security. (Even then, the security issues
are those regarding the position and management of security within the

Regardless of other security frameworks that you may use, Cohen's
checklist will be of value. While many items will have relations to
details in other indices, the articles and entities in "Security
Governance" address a number of issues that are not found in most
security frameworks. Let's face it: regardless of the emphasis or
perspective, security frameworks tend to follow the same general
outline. Cohen's work is idiosyncratic--and, in this case, that's a

Also, most security frameworks give you a checklist of about 135 items
for roughly U$150: Cohen gives you over 900 points for U$49.00.
copyright Robert M. Slade, 2006 BKSECGOV.RVW 20061110