Rating: Summary: The Security Officers must have book Review: Once again Dr. Kovacich has excelled. He has produced an updated version of an already 'must have' book for any information security officer. It is the sort of book that is useful to both the experienced information security officer and to the person who is new to the area. The book is written in a format that makes it very readable and also that you can easily find that piece of information that you can remember seeing but can't exactly recall where. I wish that he had been writing this type of book when I first started out in the Infosec field. If you only buy one information security book - make sure it is this one.
Rating: Summary: THE how-to job book. Review: One of the biggest challenges in any career is how to present yourself and your objectives to gain favorable support from others. Once you scan inside this book - you'll realize how powerful it is.
Rating: Summary: Gerald Kovacich great cut and paste book Review: This book had the potential to be great. But in the end does not deliver. About 40% of the book is Gerald Kovacich cutting and pasting from other books he and others have written. I did not like the organization of the book, and felt it lacked direction. The footnotes were repetitive often, and Kovacich is constantly footnoting and referencing other books he has written.
Rating: Summary: Must have for ISSOs or ISSO wannabes Review: This book is the Boy Scout Senior Patrol Leader's handbook for Information Security Officers. "On my honor, I will do my best, to do my duty, to my corporation and profession...." It is a short book - I read it in an evening - that tries to be a complete guide to a very complex profession. Following this merit badge guidebook approach, the entire subject of risk is covered in 3 pages, and CP/DR is covered in just over 2. It just doesn't contain enough text to be the sole reference book for any single aspect of the job, but it does have some useful information that I'm not aware of in any other text. It is process and organizationally organized, and does not deal with technology at all. My favorite chapter is the second one, "Understanding the Business and Management Environment." With a background in social science and significant experience in multi-cultural situations, the author is uniquely qualified to help an information security practitioner operate effectively within what is essentially an alien culture. A question that I'm frequently asked, and I see often in infosec forums, is "What do I do to get into the security business?" Chapter 4 provides excellent advice on creating a career path, followed by Chapter 5 which contains suggestions on finding a new job. I recommend these chapters to anyone who is looking to break into this field, or who wants to advance their career. If you have managed to find yourself a leadership role in infosec, and are wondering what you should do next, the chapter on creating security plans should be helpful. The chapter on establishing an infosec program is also helpful, and contains some excellent job descriptions for different infosec positions. This is hardly stimulating reading, but if you are an ISSO, your choice is to find usable boilerplate like this, or make it up yourself. The author approaches the subject from a single point of view.
All of the examples are drawn around a single hypothetical corporation, and it is obvious that the author has a law enforcement orientation. An infocop approach like this is not necessarily successful within every corporate culture, nor does everyone who is responsible for an information security program think of their role in corporate criminal justice terms. I do think that anyone running an information security program would benefit from this book - or anyone who wants to work towards such a position. If you like org charts and job descriptions, you'll probably feel comfortable with it. For those who are not ISSOs, or those who are just looking for an introductory guide to security, this is not the ideal text. For those who are ISSOs, or otherwise responsible for infosec programs, Thomas Wadlow's book, "The Process of Network Security," is a meatier and more sophisticated book that covers much of the same subject matter at a lower price. I recommend that anyone responsible for creating or implementing infosec programs get both books.