The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program. By Gerald L. Kovacich; published by Elsevier Butterworth-Heinemann; available from ASIS International, Item #1614, 703/519-6200 (phone), www.asisonline.org (Web); 361 pages; $40 (ASIS members), $44 (nonmembers).
Regardless of where you are in the security hierarchy, this is the definitive text for learning what it takes to be an effective information systems security officer (ISSO). The book paints an excellent portrait of an ISSO's duties, challenges, and working environments. It includes everything from how to handle new technologies and threats to how to perform information-security duties in a national-security environment.
Using situations found in actual workplaces, the author leads readers through the process of building an effective corporate information assets protection program (CIAPP) through the fictitious International Widget Corporation. One of the most interesting chapters deals with establishing a metrics-management system, which provides the basics for creating a CIAPP. Metrics management will help ISSOs identify areas needing improvement and methodologies for tracking resource costs and usage.
A chapter on investigative support for high-tech crime is germane to today's ISSOs. The author emphasizes the importance of policies that dictate when an investigation will be done internally or when it will involve law enforcement and, in the latter case, what kind of staff support to provide.
Information warfare, information operations, and information assurance also receive their due in this book. Understanding these concepts is critical to competing in a global environment.
This is a very effective presentation of a broad range of information about a critical security function. It should find a place on the desk of all infosec professionals.
Reviewer: David O. Best, CPP, CBM (Certified Business Manager), is a security manager with Northrop-Grumman Mission Systems in Van Nuys, California. He is a member of ASIS International.