CISO Desk Reference Guide: A Practical Guide for CISOs [Print Replica] Kindle Edition
Top customer reviews
From the excellent discussion of the evolving CISO role and how best to embed it in the organization, to fundamentals like data classification and controls, to advice on tools and techniques, the CISO Desk Reference Guide delivers multiple perspectives on the foundations of organizational cybersecurity. I would say this is essential reading for both aspiring and incumbent Chief Information Security Officers. The CISO Desk Reference Guide helps fill a critical gap in the ever-evolving information security common body of knowledge.
In the CISO Desk Reference Guide: A Practical Guide for CISOs, authors Bill Bonney, Gary Hayslip and Matt Stamper have written a tactical guide that can help the soon-to-be or new CISO get up and running. Each of the three has been in the information security space for decades, and brings their experience from the trenches to every chapter.
For the CISO who finds themselves in that position, they've entered it as a key entity in an organization. Poor information security controls can bring an organization to its knees. In the book, the authors share their experience and provide real-world experience that shows the CISO or security manager how to function most effectively in their role as a CISO.
A recurrent problem for books with multiple authors is that the end result often lacks consistency and is often simply a collection of different essays without a unifying theme. The authors here do an admirable job of avoiding that. Each chapter is clearly identified by who the specific author is. A benefit of the approach here is that each author brings their specific style to information security, such that the reader ends up with a broad and multifaceted methodology to the topic.
The 9 chapters in the book cover the entire range of the information security lifecycle: from regulatory issues, data classification, reporting to the board, tools, policies and more.
The previous point is not a trivial one as information security is not monolithic. There is certainly no single way to do information security. By learning the topic from the best and the brightest, an information security practitioner and CISO hopeful is able to ensure they will ultimately be successful in their endeavors.
Of course, an effective CISO can’t rely on any single book. And if they tried, that book would need to be about 2,500 pages long. But for those looking for a go-to reference when the CxO urgently calls, it would be a good idea for any information security professional to have a copy of the CISO Desk Reference Guide: A Practical Guide for CISOs handy. It’s an excellent desktop reference, and an indispensable one at that.
Here's what I specifically liked about the book:
* It gives thoughtful and thorough coverage of the CISO's areas of concern.
* The organization is innovative, which captured my attention.
* The use of questions to inform each chapter is also very likable.
* With each author's voice clearly indicated, it's useful to see three different ways of addressing the questions.
* It's neat how the three author perspectives merge into a single collection of recommendations at the end of each chapter.
* I really like the end of chapter summaries. I almost wish each one appeared at the beginning of the chapter rather than at the end!
After careful review, and a discussion with one of the authors, I have three constructive criticisms:
1. I kept looking for some commentary on what a CISO should do when their great plan is regularly undermined by the regular internal fight for resources; when do you accept a loss and keep going versus starting to polish your resume for the next job?
2. The book doesn't clearly answer this question: Is the CISO's problem space primarily a technology or a managerial one?
3. The next edition should include a new chapter on "CISO Management and Leadership Tools and Strategies". This wouldn't be a debate about which is better (manager versus leader), but a full description of how CISOs need to wield tools from both their manager and leader kits at the appropriate times, sometimes switching between them as needed in the same conversation depending on the need: Will a rational approach get me closer to my goal, or do I need to be persuasive and enter into the realm of emotions?
My thanks to the authors for their contributions and best of luck!
Most recent customer reviews
A great resource for practitioners, written BY practitioners.