The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program

If you are looking to grow as a security professional, this book can definately help you. Regardless of if your just getting started in the industry or if you have 20 years under your belt, you will learn something from this author. It discusses everything from marketing yourself, getting hired, planning, hiring staff, performing risk management, classifying your information, doing metrics analysis and of course how to deal with people and politics in your "ISSO" position. A definate must have for anyone looking to manage an Information Security program for an organization.

For years, we being trying to define InfoSec. Is it Legal, is it IT, is it Audit. What are the roles and how can InfoSec value be measured. Kavacich lays out the responsibilities; strategic, tactical, and annual plans; security programs; functions; and metrics. Any manager who works in this field should read it.

This guide is a very comprehensive introduction to everything an information system security officer should know, plan and do. It contains valuable information for personal marketing. It is an easy understandable book with lots of factual information - my favourite tutorial of the year.

Having both a law enforcement and private sector background, I appreciated the premise of Dr. Kovacich's book as it related to the Information Security Officer's duties and challenges. His approach will enable the reader to better understand the corporate environment concerning, not only the management process involved in protecting information, but also the importance of communicating and interacting with the organization in a way that people feel motivated to develop and maintain a successful and effective InfoSec program. The book discusses important management tenets and procedures which demonstrates the authors insight and experience in dealing with "real world " InfoSec issues. This book is easy reading and provides a clear understanding of the information security functions by taking the reader through the business and management environment and at the same time stressing a very important point that is often overlooked, i.e., an awareness and expectation that change is constant. I've recommended this book to those who are currently in the information security business and anyone who is attempting to pursue a career in this field. This book would be an ideal supplement to a variety of college courses and/or seminars pertaining to business and information technology.

Greater than I expected. Well thoughtout and organized; written in simple, clear language; good advice and guidelines for the new ISSO; excellent examples of using management techniques and tools for establishing an effective InfoSec program; forward looking, expecially the chapter on 21st Century Challenges for the ISSO. This is a one-of-a-kind book for the InfoSec professional and a must reading by all people interested in an InfoSec career. Even the experienced ISSO can find great value in this book. If an ISSO followed the guidance offered, success is almost a certainty. A book that should be adopted for required study in business management, computer science, and information security courses.