The Executive Guide to Information Security: Threats, Challenges, and Solutions

Mark Egan's 2004 "The Executive Guide to Information Security" is, as promised, an executive guide, written in layman's language, for planning and executing information security policy in a corporate environment. Egan clearly understands the basics of good security planning and the challenges of the information environment in which business now operates; he marries the two to provide a step by step guide for the busy corporate executive. Egan provides a framework and the necessary explanations to allow the business executive to understand the information security perimeter of his business. He identifies the essential components of a successful information security program and the information tools available to defend the business enterprise. The step by step development and execution of an information security program reinforces the importance of active ownership of the program and its results within the company or corporation, and the importance of ensuring that the security program facilitates the business of the business. Egan emphasizes the need for good metrics and constant monitoring; the successful information security program is a dynamic one. Egan's guide is oriented on the business executive who thinks he needs an information security program (hint: he or she almost certainly does). Information technology tech-heads will find the book less specific on actual threats and countermeasures; any book published in 2004 would already be out of date at that level of detail. "The Executive Guide to Information Security" is very highly recommended as a basic guide to the threats, challenges, and solutions of an information technology-based business environment.

This guide on security is OUTSTANDING. No one book can embody everything; however, this short but powerful book should encourage every person in our organization to accept responsibility for security. If you are looking to continue the growth and development of your team (as well as improved security for your organization) then buy and distribute several copies of this book. I sincerely believe that the experience and information that this book offers can help any organization to become better and more effective at security management. Dean Lane CEO Varitools, Inc.

Definitely not the book to take to the beach with you, but a good book all the same. The author lays out in a comprehensive way an organization wide process to develop a secure information structure. The insights range from high level strategies, to lower level tactics, with a few very practical examples thrown in here and there. Information security should be a critical concern of today's high-tech organizations. But so often it is forgotten, or relegated into obscurity because there was too much process or the security was too intrusive. The author strikes a good, pragmatic balance between convenience and security here. The book is a short, easy read. Really a must read for CIOs and a should read for CEOs.

An effective security policy can only be the result of a systemic operation, which means that it must be supported at the executive level. To be supported, it must first be understood, therefore all executives must have a broad knowledge of the need for security and some of the particulars as to how it is implemented. This book provides that information. While it is necessary to use some technical jargon in order to explain the basics of computer security, it is kept to a minimum. The three components of an effective security program: people, process and technology are each explained in a separate chapter. There are several questionnaire/checklist style worksheets, where you can fill them in and get some idea regarding the current status of your company. These are excellent ways to get a snapshot of how vulnerable your company is. One simple addition that many executives will find valuable is a collection of example job descriptions for security personnel. These positions are difficult to describe and fill, so even the smallest bit of assistance is of great value. There are very few books that should be the subject of a study group of the executives of a company. This is one of them, each executive should be given a copy, and then forced to read and study it as a group. It is one of the few ways to guarantee that security is given the consideration that all executives need to apply. In these dangerous times, failure to do so can literally be a matter of life and death for some companies.

Mark Egan and Tim Mather have done a great job in my opinion of boiling the wide range of topics and information related to corporate network security down to an "executive summary" highlighting the key areas that executive leadership needs to understand in order to make decisions and lead effectively. This book provides an overview of the history and current state of information security and an appropriate amount of detail for an executive to understand trends in technologies and threats and how to assess risks, hire competent I.T. staff and a general overview of best practices and practical solutions. The appendices provide a wealth of additional information such as template job descriptions for specific I.T. roles and a listing of information security web sites for reference. This book covers a little about a lot, and even that lot is aimed at managers and executive leadership. Don't get this book if you are looking for details about any aspect of computer security or even if you are looking for a comprehensive, broad coverage of information security for the "working class". For executive leaders looking to gain an understanding of I.T. to ensure that their networks are properly protected though this is an excellent resource. [...]