Published on Security Management (http://www.securitymanagement.com)
The Illusion of Due Diligence: Notes from the CISO Underground
By Jeffrey S. Bardin; Reviewed by Paul H. Aubé, CPP



    
The Illusion of Due Diligence isn't a security textbook; it's a collection of CISO war stories from inside the corporate belly.

***** The Illusion of Due Diligence: Notes from the CISO Underground. By Jeffrey S. Bardin; published by CreateSpace, www.createspace.com [1]; 214 pages; $13.99.
 
In The Illusion of Due Diligence, author Jeffrey S. Bardin is not trying to demystify the art of due diligence from the chief information security officer’s (CISO) perspective. The book instead demonstrates “the relative immaturity of the profession in the face of such well-heeled and established organizational icons that a CISO faces.”
 
Bardin’s message is presented inquisitively: “What do you do when ethical behavior, integrity, corporate due diligence, and attorney-client privilege collide in a cacophony of biased opinion and/or negligence?”
 
This isn’t an information security textbook so much as a collection of anonymized case studies about dealing with senior management as an information security professional. The text presents a number of corporate “skirmishes” ranging from instances of careless network management to unethical behavior and blatant conflicts of interest. The stories feature all of the seven deadly sins—including pride, sloth, lust, and the ever-present greed—but from an information security point of view.
 
This easy-to-read, pocket-size book begins with an overview of the code of ethics of the IT security certification body (ISC)2. The most useful parts are the self-assessed “situational reviews” that follow each story: individual learning experiences that offer lessons for any reader. After the case studies, Bardin concludes the book with some useful personal insights.
 
Bardin decided to share his professional “scars” so that information security and risk professionals will save themselves from his fate and “solve their problems with integrity and ethical behavior.” His text is an especially worthwhile read for IT security professionals interested in doing the right thing, even when those around them aren’t, and it will illustrate to managers and investigators that faults often attributed to IT systems are in fact the work of the people who design and use them.
 

Reviewer: Paul H. Aubé, B.Sc., CPP, CAS (Certified Antiterrorism Specialist), is an assistant director for security at Ecole Polytechnique in Montreal and an independent consultant. He has been a security professional for more than 20 years and is a member of the ASIS Global Terrorism, Political Instability, and International Crime Council. He received ASIS’s Distinguished Achievement Award in 2003 and is a former chair of the Montreal Chapter.

 



© 2013 Security Management

Source URL: http://www.securitymanagement.com/article/illusion-due-diligence-notes-ciso-underground-008248

Links:
[1] http://www.createspace.com