Network Security CISSP-Discussion
Subject: [CISSP-D] Re: REVIEW: "A Practical Guide to Managing Information Security", Steve Purser
Date: Wed, 13 Oct 2004 09:42:16 -0800


From:                   "Tom Bowers" <bowerst@wyeth.com>
Date sent:              Tue, 12 Oct 2004 10:32:15 -0400

> I start this by stating outright that I have NOT read this particular
> tome on InfoSec Management. My concern however is your apparent disdain
> for the business side of InfoSec at least within the context of this
> particular review.

Hmmm.  You are correct: the review *could* be read that way.

> Information Security is all about protecting the
> information that makes the business run and/or differentiates it from
> its competitors. If I do not know what research my company is
> performing how do I know what information is important to the future of
> my company? If I don't know how to run a project or manage a department
> how do I execute my Information Security plan effectively?

All correct and important points.

> I am of the
> opinion that unless you can speak the language of InfoSec,

And it is here that the book falls down.  It is important to know the business
side, but it is not sufficient.  The author provides vague generalities and
platitudes, rather than useful advice.

> understand my
> company's product mix/business process, deploy/project manage the
> security technology correctly and manage the teams that oversee the
> administration of the plan then you are not as complete an InfoSec
> professional as you could be.

My references to "managespeak" and "generic advice on planning" were intended
to point out that he uses buzzwords and cliches in place of helpful detail,
but, yes, I can see how the repetition could be interpreted as an
"anti-business" bias.

> There is more to InfoSec than an academic
> treatise that needs expounding. There's a business to run, money to be made
> so that I as an InfoSec professional can have a productive place in
> society.

Agreed, absolutely.  Thank you for your response and comments, and the
opportunity to clarify that issue.

======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
Those who are too smart to engage in politics are punished by
being governed by those who are dumber.       - Plato (427-347 B.C.)
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

  • [CISSP-D] Re: REVIEW: "A Practical Guide to Managing Information Security", Steve Purser, Rob, grandpa of Ryan, Trevor, Devon & Hannah