| Subject: | [CISSP-D] REVIEW: "Governance Guidebook", Fred Cohen |
|---|---|
| Date: | Tue, 09 May 2006 11:53:57 -0800 |
BKCISOGG.RVW 20051119

"Governance Guidebook", Fred Cohen, 2005, 1-878109-34-0
%A Fred Cohen http://all.net
%D 2005
%G 1-878109-34-0
%I ASP Press
%O http://www.amazon.com/exec/obidos/ASIN/1878109340/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/1878109340/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1878109340/robsladesin03-20
%O Audience a+ Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 204 p.
%T "Governance Guidebook"

The very short section one of the Governance Guidebook explains that it is intended for the CISO (Chief Information Security Officer) of a large concern. Which is to say that the reader should be experienced in security and the management thereof. At that point one wonders what such a work would entail: presumably such a person would already know pretty much anything you could put into a book. This introduction then goes on to detail the organization of the guidebook.

Section two is an overview of the structure of a security plan or protection strategy. It also notes that the illustrations in this section of the text are very busy and cluttered, but that careful study will make the situation clearer. All of this is true.

This is definitely not your standard security textbook. It is extremely demanding of the reader, but will amply repay the effort put into using the volume. And I say "using," rather than merely "reading": this is a tome that requires application. Bedtime reading it is not. This is not a primer to be read quickly in one sitting. The illustrations are dense, and so is the text, but dense with meaning and import. This is a work to be worked through, a page or even a paragraph at a time. And then, when you are finished, work through it again. If you are a CISO it won't teach you anything--but it will remind you of things, practices, and procedures that have possibly been forgotten in the press of other urgencies. This volume becomes, therefore, an aide memoire for the strategic planning of information protection.

This is not to say that there are no details provided. Section three, entitled "Drill Down," provides greater depth to a number of the areas (one example is an intriguing use of the human life span to address personnel and human resources issues). The content does not deal with specific technical areas of security, but does provide a very solid overview of security management--or, if you prefer, governance.

This is a handy and useful guide for those in the CISO position. It is destined to become well-thumbed, dirty, and dog-eared, over time. Those who are not yet into a CISO job will not recognize all of the value in its pages, yet. However, those who aspire to the calling would do well to get a start on learning from it.

copyright Robert M. Slade, 2005 BKCISOGG.RVW 20051119

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Lately, the only thing keeping me from becoming a serial killer is my distaste for manual labor - Dilbert, 1/7/01
http://victoria.tc.ca/techrev/rms.htm