Customer Reviews


12 Reviews
5 star: (8)
4 star: (3)
3 star: (0)
2 star: (1)
1 star: (0)

The most helpful favorable review

12 of 13 people found the following review helpful
4.0 out of 5 stars Great resource, but boring at times
A fun book on security for executives and managers? Unbelievable, you'd say? This one ("The Executive Guide to Information Security") comes pretty close.

On the down side, do not look at this book for technology coverage. Almost total lack of coverage of intrusion prevention, spyware, spam as well as some Symantec bias (understandable, considering the...
Published on February 9, 2005 by Dr Anton Chuvakin

versus

The most helpful critical review

0 of 1 people found the following review helpful
2.0 out of 5 stars Pitched at the wrong audience
I have been trying to figure out what kinds of 'executive' would appreciate this book: hardly any of the senior business execs that I know would welcome its descriptions of security architectures, leaving that kind of technical detail to their managers and professionals. That stuff would be way down in the weeds as far as most are concerned.

On the other hand,...
Published 22 months ago by Dr. G. Hinson



12 of 13 people found the following review helpful
4.0 out of 5 stars Great resource, but boring at times, February 9, 2005
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
A fun book on security for executives and managers? Unbelievable, you'd say? This one ("The Executive Guide to Information Security") comes pretty close.

On the down side, do not look at this book for technology coverage. Almost total lack of coverage of intrusion prevention, spyware, spam as well as some Symantec bias (understandable, considering the publisher) make this book much stronger on the policy, process and "big picture" coverage rather than on modern technical threats and countermeasures. Slightly confusing coverage of vulnerability management also falls in the same category. However, given the target audience of CEOs and CFOs, this is certainly excusable.

The book introduces the executives to basic security concepts such as "defense-in-depth", "people, process, technology", etc., and goes into details on using them for organizing security for their organizations.

I also appreciated the sections on planning and executing a security strategy and measuring security by using various included checklists and questionnaires. The 50-point security evaluation framework based on "best practices" was another valuable piece. The book also addresses one of the important questions of organizational security: in-house vs outsourced security.

Regulations and laws also occupy a significant part of the book. The coverage is high-level and provides few details, appropriate given the target audience. A section on future security was pretty insightful and enjoyable to read!

Overall, I think the book will be one of the first (and, so far, best) books about security for the "C-level" crowd.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org


9 of 11 people found the following review helpful
5.0 out of 5 stars Excellent Reference for Executive Management, November 7, 2004
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
Mark Egan and Tim Mather have done a great job in my opinion of boiling the wide range of topics and information related to corporate network security down to an "executive summary" highlighting the key areas that executive leadership needs to understand in order to make decisions and lead effectively.

This book provides an overview of the history and current state of information security and an appropriate amount of detail for an executive to understand trends in technologies and threats and how to assess risks, hire competent I.T. staff and a general overview of best practices and practical solutions.

The appendices provide a wealth of additional information such as template job descriptions for specific I.T. roles and a listing of information security web sites for reference.

This book covers a little about a lot, and even that lot is aimed at managers and executive leadership. Don't get this book if you are looking for details about any aspect of computer security or even if you are looking for a comprehensive, broad coverage of information security for the "working class". For executive leaders looking to gain an understanding of I.T. to ensure that their networks are properly protected, though, this is an excellent resource.

[...]


2 of 2 people found the following review helpful
4.0 out of 5 stars More Phishing Analysis, December 17, 2004
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
The authors write a timely management level briefing on the current key issues in information security. Directed at not just the CEO of any company, as the cover might suggest. The audience of this book arguably includes not just executives involved in IT, but also the technical IT personnel themselves who may, or rather, will, confront such issues on a daily basis.

Perhaps the most important section is Chapter 8, discussing future threats. It starts with an example of a phishing attack on a company. The chapter then goes on to describe possible trends in attacks over the next few years. Sadly, once past the phishing example, the chapter does not talk any more about phishing. Given the realities of book publishing, the chapter was probably written in the first half of 2004. Yet as 2004 draws to a close, it has seen a huge global rise in phishing. So the chapter is already somewhat dated, through no fault of the authors.

Were the chapter to be rewritten now (December 2004), I imagine phishing would, or should, receive far more detailed scrutiny. While it might be objected that phishing is only one type of attack, its current direct monetary costs to banks and the month on month rise in the frequency of attacks make it a prime menace.


3 of 4 people found the following review helpful
5.0 out of 5 stars Should be the basis of an executive study group, December 19, 2004
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
An effective security policy can only be the result of a systemic operation, which means that it must be supported at the executive level. To be supported, it must first be understood, therefore all executives must have a broad knowledge of the need for security and some of the particulars as to how it is implemented. This book provides that information.

While it is necessary to use some technical jargon in order to explain the basics of computer security, it is kept to a minimum. The three components of an effective security program: people, process and technology are each explained in a separate chapter. There are several questionnaire/checklist style worksheets, where you can fill them in and get some idea regarding the current status of your company. These are excellent ways to get a snapshot of how vulnerable your company is. One simple addition that many executives will find valuable is a collection of example job descriptions for security personnel. These positions are difficult to describe and fill, so even the smallest bit of assistance is of great value.

There are very few books that should be the subject of a study group of the executives of a company. This is one of them, each executive should be given a copy, and then forced to read and study it as a group. It is one of the few ways to guarantee that security is given the consideration that all executives need to apply. In these dangerous times, failure to do so can literally be a matter of life and death for some companies.


5.0 out of 5 stars An Executive-level Resource..., April 29, 2008
Verified Purchase
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
Mark Egan's 2004 "The Executive Guide to Information Security" is, as promised, an executive guide, written in layman's language, for planning and executing information security policy in a corporate environment. Egan clearly understands the basics of good security planning and the challenges of the information environment in which business now operates; he marries the two to provide a step by step guide for the busy corporate executive.

Egan provides a framework and the necessary explanations to allow the business executive to understand the information security perimeter of his business. He identifies the essential components of a successful information security program and the information tools available to defend the business enterprise. The step by step development and execution of an information security program reinforces the importance of active ownership of the program and its results within the company or corporation, and the importance of ensuring that the security program facilitates the business of the business. Egan emphasizes the need for good metrics and constant monitoring; the successful information security program is a dynamic one.
Egan's guide is oriented on the business executive who thinks he needs an information security program (hint: he or she almost certainly does). Information technology tech-heads will find the book less specific on actual threats and countermeasures; any book published in 2004 would already be out of date at that level of detail.

"The Executive Guide to Information Security" is very highly recommended as a basic guide to the threats, challenges, and solutions of an information technology-based business environment.


4.0 out of 5 stars Good Resource, March 4, 2007
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
As malware and other vicious threats evolve, security professionals must stay abreast of the methods and strategies used to mitigate them. If you're looking for additional information to strengthen your security management posture, this book will get you started. The only downside is the lack of "deeper" information on phishing. Phishing is becoming a prominent threat to organizations, and requires the immediate attention of executives and security specialists.


3 of 5 people found the following review helpful
5.0 out of 5 stars Security policies and procedures, December 28, 2004
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
Definitely not the book to take to the beach with you, but a good book all the same. The author lays out in a comprehensive way an organization wide process to develop a secure information structure. The insights range from high level strategies, to lower level tactics, with a few very practical examples thrown in here and there.

Information security should be a critical concern of today's high-tech organizations. But so often it is forgotten, or relegated into obscurity because there was too much process or the security was too intrusive. The author strikes a good, pragmatic balance between convenience and security here.

The book is a short, easy read. Really a must read for CIOs and a should read for CEOs.


2 of 4 people found the following review helpful
5.0 out of 5 stars This Book Is The Corner Stone of Your Security Initiative, August 21, 2005
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
This guide on security is OUTSTANDING. No one book can embody everything; however, this short but powerful book should encourage every person in our organization to accept responsibility for security.

If you are looking to continue the growth and development of your team (as well as improved security for your organization) then buy and distribute several copies of this book.

I sincerely believe that the experience and information that this book offers can help any organization to become better and more effective at security management.

Dean Lane

CEO Varitools, Inc.


0 of 1 people found the following review helpful
2.0 out of 5 stars Pitched at the wrong audience, August 26, 2012
Verified Purchase
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
I have been trying to figure out what kinds of 'executive' would appreciate this book: hardly any of the senior business execs that I know would welcome its descriptions of security architectures, leaving that kind of technical detail to their managers and professionals. That stuff would be way down in the weeds as far as most are concerned.

On the other hand, execs are concerned with the big picture, meaning things such as: developing and aligning security with other strategies, objectives and approaches (e.g. risk management and compliance); long-term planning and improvement, perhaps including offensive as well as defensive security strategies; security governance and accountability for information assets; business continuity; adoption of international security standards and certification; structuring, funding and resourcing for the security function; and security metrics. Most of these are covered but not particularly well: the coverage is light in comparison to the lengthy descriptions of 'gateway/client/server security', for example.

The matter-of-fact coverage is, frankly, so boring that it seems unlikely to fire up an exec's imagination enough to get them truly engaged with security, or appreciate its value as a business support/enabling function - but maybe that's just a reflection of my personal reading preferences. I have no complaints regarding the grammar and spelling, however.

Despite the title, the book covers IT rather than information security: it is very technology-centric. Possibly the book would be useful for a new CISO, CSO or Information Security Director who lacks the technical background in IT and IT security, but that's a narrow audience segment. It might also be of value to inexperienced IT or (perhaps) Information Security Managers and other professionals in the security function, along with students studying towards their CISSP or CISM exams or hoping to 'get into security'. More qualified and experienced security professionals would have the opposite problem to the execs, in that the book's coverage is too superficial, selective and (now) outdated to be a worthwhile text.


4 of 8 people found the following review helpful
5.0 out of 5 stars Lives up to its title, March 24, 2005
By "cnantais" (Ontario, Canada)
This review is from: The Executive Guide to Information Security: Threats, Challenges, and Solutions (Paperback)
This book is a very useful tool for getting non-IT executives to understand the imperative behind maintaining an information security management program.

