The Executive Guide to Information Security: Threats, Challenges, and Solutions 1st Edition

Mark Egan's 2004 "The Executive Guide to Information Security" is, as promised, an executive guide, written in layman's language, for planning and executing information security policy in a corporate environment. Egan clearly understands the basics of good security planning and the challenges of the information environment in which business now operates; he marries the two to provide a step by step guide for the busy corporate executive.Egan provides a framework and the necessary explanations to allow the business executive to understand the information security perimeter of his business. He identifies the essential components of a successful information security program and the information tools available to defend the business enterprise. The step by step development and execution of an information security program reinforces the importance of active ownership of the program and its results within the company or corporation, and the importance of ensuring that the security program facilitates the business of the business. Egan emphasizes the need for good metrics and constant monitoring; the successful information security program is a dynamic one.Egan's guide is oriented on the business executive who thinks he needs an information security program (hint: he or she almost certainly does). Information technology tech-heads will find the book less specific on actual threats and countermeasures; any book published in 2004 would already be out of date at that level of detail."The Executive Guide to Information Security" is very highly recommended as a basic guide to the threats, challenges, and solutions of an information technology-based business environment.

Mark Egan and Tim Mather have done a great job in my opinion of boiling the wide range of topics and information related to corporate network security down to an "executive summary" highlighting the key areas that executive leadership needs to understand in order to make decisions and lead effectively.This book provides an overview of the history and current state of information security and an appropriate amount of detail for an executive to understand trends in technologies and threats and how to assess risks, hire competent I.T. staff and a general overview of best practices and practical solutions.The appendices provide a wealth of additional information such as template job descriptions for specific I.T. roles and a listing of information security web sites for reference.This book covers a little about a lot, and even that lot is aimed at managers and executive leadership. Don't get this book if you are looking for details about any aspect of computer security or even if you are looking for a comprehensive, broad coverage of information security for the "working class". For executive leaders looking to gain an understanding of I.T. to ensure that their networks are properly protected though this is an excellent resource.[...]

Definitely not the book to take to the beach with you, but a good book all the same. The author lays out in a comprehensive way an organization wide process to develop a secure information structure. The insights range from high level strategies, to lower level tactics, with a few very practical examples thrown in here and there.Information security should be a critical concern of today's high-tech organizations. But so often it is forgotten, or relegated into obscurity because there was too much process or the security was too intrusive. The author strikes a good, pragmatic balance between convenience and security here.The book is a short, easy read. Really a must read for CIOs and a should read for CEOs.

This guide on security is OUTSTANDING. No one book can embody everything; however, this short but powerful book should encourage every person in our organization to accept responsibility for security.If you are looking to continue the growth and development of your team (as well as improved security for your organization) then buy and distribute several copies of this book.I sincerely believe that the experience and information that this book offers can help any organization to become better and more effective at security management.Dean LaneCEO Varitools, Inc.