Ben's Book of the Month: Review of "CISO Desk Reference Guide: A Practical Guide for CISOs"

Posted on by Ben Rothke

While the classic "prepare three envelopes" joke revolves around a CEO, it applies just as well to a CISO. For many CISOs, the career path is a slow and steady one, with a deliberate progression into the role. Others land in it abruptly, after a major security breach has forced the organization to open envelope #3.

In the CISO Desk Reference Guide: A Practical Guide for CISOs (ISBN 978-0997744118), authors Bill Bonney, Gary Hayslip and Matt Stamper have written a tactical guide that can help the soon-to-be or newly appointed CISO get up and running. Each of the three has been in the information security space for decades, and they bring their experience from the trenches to every chapter.

A CISO who finds themselves in that position has become a key figure in the organization: poor information security controls can bring a business to its knees. In the book, the authors draw on their own experience to show the CISO or security manager how to function most effectively in the role.

A recurrent problem with multi-author books is that the end result often lacks consistency and amounts to a collection of separate essays with no unifying theme. The authors here do an admirable job of avoiding that. Each chapter clearly identifies its author, and a benefit of the approach is that each brings his own style to information security, so the reader ends up with a broad, multifaceted treatment of the topic.

The nine chapters cover the full range of the information security lifecycle: regulatory issues, data classification, reporting to the board, tools, policies and more.

That point is not a trivial one, because information security is not monolithic. There is no single way to do it. By learning the topic from the best and the brightest, an information security practitioner or CISO hopeful greatly improves their odds of success.

Of course, an effective CISO can't rely on any single book, and if they tried, that book would need to be about 2,500 pages long. But for those who want a go-to reference when the CxO urgently calls, any information security professional would do well to keep a copy of the CISO Desk Reference Guide: A Practical Guide for CISOs handy. It's an excellent desktop reference, and an indispensable one at that.

Ben Rothke

Senior Information Security Manager, Tapad

Business Perspectives

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
