Computing Reviews
Becoming a global chief security executive officer: a how to guide for next generation security leaders
Cloutier R., Butterworth-Heinemann, Newton, MA, 2016. 392 pp. Type: Book
Date Reviewed: Apr 25 2017

For many years, a recurring topic in security conference talks and articles has been how to sell security to businesses. There are parallels with the earlier business-IT alignment discussions. In both cases, I would argue that it is not “business,” but senior management and the board that force the change. IT became a major strategic factor for many organizations, determining their future. Security likewise has become an executive concern. Security failures can cause companies to fail, their stock value to be severely reduced, and executives to be fired. This has made security stand out as a separate factor instead of an IT subproblem.

Now that security is receiving executive attention, it needs to deliver security professionals at the executive level. Being an excellent IT or security professional does not imply being an IT or security executive. If you wonder about the difference, or how you can make the move, read this book.

The first chapter (18 pages) states the vision of the future of the security executive: it is about business protection, being a leader working with operational excellence, being transparent, and building on data.

The second chapter (24 pages) builds the case for converged security. It is based on the business reality, which is technical, global by default, and on interconnected business ecosystems. It requires leadership, oversight, and governance capabilities within limited time frames, in a politically sensitive context, where agreed-upon metrics can provide a stable platform.

The job description of the senior security executive (37 pages) starts with the current security context and what role the executive must fill, the core being to protect and to respond to protection weaknesses. A cornerstone for the job is the mission statement: it must motivate, provide a compass, and be a compelling story. A keyword throughout the book is transparency, based on presenting facts. As a person, the executive must show expertise and confidence-inspiring leadership.

The chapter on concepts of security organization (44 pages) looks at assessing the current situation, how it became that way, stigmas and dogmas that may be present, and the basics of organization (re)design, with the objective of organizational success.

As a security executive, you must have a plan that is understood and approved by your peers. How to develop such a program is the next topic (29 pages). No two organizations are the same, so start with situational awareness: know your business, your industry, your clients, and the threats facing them. Equally, know your capabilities and those of your team. Build relationships with mutual benefits.

The largest chapter (56 pages) provides a five-step guide to operational execution. The key steps are information and cyber on the one hand, and corporate security on the other hand, each getting about 20 pages. It is noteworthy that cyber is but one element.

The focus on the business (19 pages) stresses sustainability and partnerships in delivery. It goes as far as describing the job of the senior security executive as a marketing guru.

The last chapter (15 pages) discusses the chief security officer’s career.

Security finally got what it deserves: a seat at the executive table. Now it has to deliver. This book provides guidelines, ideas, and insight at a bargain price. The path to follow has been highlighted. The significant effort to do something with and about it rests with the reader.


Reviewer: A. Mariën
Review #: CR145215 (1707-0443)
Security and Protection (K.6.5)
 