Preface
Because of the popularity of the first edition of this "ISSO" book, the publishers asked me to do a Second Edition. When I agreed to write a second edition, I wanted to be sure not only that it would be brought up to date, but that it would continue to be a useful reference for you, the reader. Over the years since the book was first published, I have received comments and recommendations as to the book's content and what should be included in any new editions. I also solicited numerous information systems security (InfoSec) professionals for their comments. Based on everyone's input, this new edition was written.

The changes in this edition include:

  • An update of all chapters;

  • The rearrangement of the chapters based on InfoSec professionals' input into what they considered a more logical flow;

  • The dividing up of the chapters of this book into three major sections:

    • Section I: The Working Environment of an ISSO;

    • Section II: The Duties and Responsibilities of an ISSO; and

    • Section III: The Global, Professional, and Personal Challenges of an ISSO.

  • Six new chapters:

    • Chapter 3, Understanding Today's Threats to Information Assets;

    • Chapter 11, High-Technology Crimes Investigative Support;

    • Chapter 12, InfoSec in the Interest of National Security;

    • Chapter 13, The Related World of Information Assurance, Information Operations, and Information Warfare;

    • Chapter 14, The ISSO and Ethical Conduct; and

  • Chapter 17, So, Are You Ready to Become an InfoSec Consultant?

As with any book, sometimes the readers were critical of this book's first edition. That's fine if one can sit down and discuss InfoSec and ISSO responsibilities with the critics. After all, they have important points that could be considered when updating the book. However, that is usually not possible.

So, with all that said, let me state for the record what this book is not:

  • It is not a book that is the "end all and be all" of ISSO and InfoSec functions, duties, and responsibilities. The rapid changes in information environments, high technology, etc., make such a book impossible.

  • It is not a technical book and does not purport to be—it will not tell you how to install a firewall. The rationale is that there are many good books on the market that cover specific aspects of InfoSec, narrowly focused and very technical. It is expected that the ISSO will read these books as needed based on specific InfoSec needs of the ISSO.

In short, this book's goal is to provide a basic overview of the InfoSec professional's (ISSO) world, duties, responsibilities and challenges in the 21st century. It is a primer. It is about an ISSO who must establish and manage an InfoSec program for an international corporation, although all of the material is applicable to various work environments, such as government agencies or charitable organizations.

It was written because over the years many associates and I had to establish and manage such organizations and found no primer to guide us. So, over the past 40 years that I have been involved in various aspects of security, eventually focusing on InfoSec and its related functions in about 1980, I think I have developed a basic approach that has been successful. Others who have read this book, listened to my lectures based on what became this book, and whom I have mentored over the years have agreed with me.

So, if you are an InfoSec techie, engineer, or the like looking for the Holy Grail of information protection, that is not what this book is about. However, if you want an ISSO career, want to know what the ISSO profession is all about, and want to be able to build a foundation for a successful InfoSec program and organization, then yes, this book is for you.

This book was also written for non-InfoSec professionals in management positions, such as corporate security directors and business managers, who are responsible for overall government agency and business assets protection. These professionals should also know what the ISSO profession is all about and the basics of information assets protection.

This book can also be used as a textbook or "recommended reading" for university courses related to security and information systems security.

I hope you enjoy it. After reading it, please drop me an e-mail through my publisher and let me know:

  • Any questions you may have;

  • What you liked about it;

  • More importantly, what you didn't like;

  • Why you liked or disliked it;

  • What ideas presented were most important to you;

  • Your implementation of some of the ideas presented, and your result; and

  • What I should write about or cover differently in the third edition.

After all, I want you to be able to use this book in the real world of the ISSO. All feedback is welcome. By the way, be sure to surf by my Web site for additional information that may be of use to you as an ISSO (http://www.shockwavewriters.com). Much of the information in this book and other related information is posted there. The information is free, there are no advertisements, and there is no tracking of who looked at what, when.

Thanks!

Jerry
Dr. Gerald L. Kovacich
ShockwaveWriters.Com
Whidbey Island, Washington, USA

The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
Year: 2002
Pages: 204