Executive Guide to Information Security

As many within the information security "working class" will quickly point out, the executive leadership often just doesn't get it. It is difficult to prove the value of something that doesn't provide revenue, but only protects against the loss of revenue. The better you do your job the less apparent it is that you are even necessary. This book is aimed at providing that executive management level with an understanding of information security and how to apply it within a business.

About The Book

Among corporate documents there are typically varying levels of detail. There are technical or engineering documents that spell out every last technical detail of a system. There are design or architecture documents which provide a higher-level overview of the system. One of the highest levels though of corporate documentation is the Executive Summary.

The Executive Summary is typically a 1-page bulleted list of the key elements of a given project or system. Executives are exceptionally busy and typically must oversee a variety of projects or areas of business at one time. They need the facts, and just the key facts, in a quickly digestible form so they can make effective decisions quickly.

This book is obviously more than a single page of bulleted points, but conceptually it is the same. Mark Egan wrote The Executive Guide to Information Security: Threats, Challenges and Solutions with the executive manager's busy schedule in mind. Egan provides a basic crash course in information security in simple and concise terms. The book details some of the reasons why information security is important and clearly explains how to approach the various aspects of implementing information security.

My Review

I am not an executive. I operate more on the information security "working class" level. But, I know the importance of having the executive leadership understand the importance of information security and to have a basic understanding of how to go about information security. Without that sort of understanding by the executive management it can be very difficult to get the resources necessary to properly secure the company's network.

This book does an excellent job of conveying a wide variety of information in concise and simple terms so that it doesn't take a "techie" to comprehend it. The first chapter may be a little basic, but it does provide an overview of the history of computer security and the current threats and challenges facing the Internet and corporate networks.

Egan covers a range of topics from personnel to processes to the technologies necessary to secure a network. Each chapter ends with a bulleted summary of key points to remember. The appendices provide a range of great information such as information security web sites to reference and sample job descriptions you can use when hiring for security positions. Overall I think Egan does a great job of providing the information necessary for the target audience.