Customer Reviews

Information Security Roles & Responsibilities Made Easy, Version 2

5 star:		(2)
4 star:		(1)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

This is a difficult book to review because it is meant to be a resource, not something you read on an airplane. I have passed this around to some of students and fellow SANS instructors and tried to get some of their feedback as well.

The greatest contribution this book makes is a discussion of organization structure, who should report to who and why. This is something that has been desparately needed in the industry and if this book is successful in the marketplace, I would like to see some additional research and have this already excellent resource expanded.

The job descriptions are also wonderful, we have many names for the same position and I would hope that over time, this book can help us develop a common terminology.

Who needs this book? It is designed to be licensed to organizations and as a rough rule of thumb, any organization with an IT department of 25 people or more could benefit from this book.

We had to create a security organization for a financial institution and as a part of the job, we had to define the roles and responsbilities. This book was extremely useful for me.

I am the CISO of a regional Latin American Bank, and I used this book almost inmediately to define a project of defining information security roles in my organization. Even though some of the roles have to be changed due to the nature of the organization, and the internal politics that are at stake, I consider this book almost a "best practice" for information security. It helps you implement Information security infraestructure, and to show the importance of it to top management. Now, my organization is paying more attention to InfoSec, and the roles of the people are clearer in respecto to InfoSec.