Currently I am reading through Kerry Ann Anderson's The Frugal CISO (CRC Press, 2014).
I am always on the lookout for good infosec books, and one area that I think is underserved is books aimed at the top-level security professional on how to implement a good information security program.
This one I had discovered thanks to a related article the author had in a recent issue of the ISACA Journal on information security maturity models ("From Here to Maturity—Managing the Information Security Life Cycle", v6, 2014). She makes use of the Nolan Model, which I wasn't familiar with (being more familiar with the CMM/CMMI-based models). The article was interesting, and I wanted to know more about the idea; she spends a chapter on this concept, which is good. I think this would be a better maturity model for infosec groups to use than a CMM-based one.
I am currently reading through the book, basically jumping around based on my interests. What I see is pretty good. She has material on hiring and building an infosec team, policies, controls, and more. Her main theme overall is being frugal, being smart about what you are spending money on, an important concept in today's cost-cutting climate.
This is not a full review of the book. I will probably post something like that later on.