While the classic "prepare three envelopes" joke revolves around a CEO, it's quite appropriate for a CISO. For many CISOs, the career path is a slow and steady one in which they deliberately progress into the role. Others obtain the role quickly, in the wake of a major security breach that requires envelope #3 to be opened.
In the CISO Desk Reference Guide: A Practical Guide for CISOs (CISO DRG 978-0997744118), authors Bill Bonney, Gary Hayslip and Matt Stamper have written a tactical guide that can help the soon-to-be or newly appointed CISO get up and running. Each of the three has been in the information security space for decades, and they bring their experience from the trenches to every chapter.
A CISO who finds themselves in that position has entered it as a key figure in the organization: poor information security controls can bring an organization to its knees. In the book, the authors share their experience and provide real-world guidance that shows the CISO or security manager how to function most effectively in the role.
A recurrent problem for books with multiple authors is that the end result often lacks consistency and is simply a collection of different essays without a unifying theme. The authors here do an admirable job of avoiding that. Each chapter clearly identifies its author. A benefit of this approach is that each author brings their own style to information security, so the reader ends up with a broad and multifaceted methodology for the topic.
The nine chapters in the book cover the entire range of the information security lifecycle: regulatory issues, data classification, reporting to the board, tools, policies and more.
The previous point is not a trivial one, as information security is not monolithic. There is certainly no single way to do information security. By learning the topic from the best and the brightest, an information security practitioner or CISO hopeful is able to ensure they will ultimately be successful in their endeavors.
Of course, an effective CISO can't rely on any single book. And if they tried, that book would need to be about 2,500 pages long. But for any information security professional who needs a go-to reference when the CxO urgently calls, it would be a good idea to keep a copy of the CISO Desk Reference Guide: A Practical Guide for CISOs handy. It's an excellent desktop reference, and an indispensable one at that.