CISO Desk Reference Guide: A Practical Guide for CISOs

Part of what makes the role of CISO interesting is that there is no one approach or solution. What makes this book special is that goes topic by topic and presents the three authors' different takes in their own separate essays. Each has their own background and experiences to draw from and you can see from the responses that not only did they take a different approach to the question, they may even INTERPRET what the question/topic was about in completely different ways.I personally found that reading it end-to-end would breeze past far too much valuable information. Reading one topic at a time and the three responses is the perfect way to digest this book. Reflecting on each topic, sometimes I would lean toward what Gary would write vs Bill. Other times I thought Matt provided the most practical response that I could apply myself. Taking the three together ensured that you are exposed to different viewpoints. This is not a textbook: it deals with the real world. No one response is "more right" than the other, but I've found that it has helped shape my own views. This is indeed "giving back" by helping others in similar roles learn from their individual experiences.I fully expect to be able to use this indeed as a desktop reference: the first chapter is about the role of the CISO and how it fits within a company and what to look for to ensure success of the role. This is instant value when choosing my next job (and in fact evaluating my current one). That alone is well worth the price.

There simply isn't another resource out there that comes close to this in terms of real world applicability in security leadership. This should be required reading for all security personnel. Especially anyone working in security management and security GRC.I have my CISSP, CISM, CRISC, CEH, SSCP, and Security+. None of the study materials for those come close to explaining security governance and its practical aspects like this book does. Nor do they give you a realistic viewpoint of how security fits into the bigger picture in the real world.Whether you're a level 1 analyst or a CISO, this is a book you should have in your knowledge repository.

The Chief Information Security Officer has emerged as a key role in forward-thinking organizations that are keenly aware of the existential threat that cyber risks now pose. The authors of the CISO Desk Reference Guide grasp that reality and use their many years of experience to provide a ton of practical advice about how to function effectively in this role. The unique multi-author approach of the CISO Desk Reference Guide has produced a wealth of insight into the complex and challenging role of Chief Information Security Officer, a role that increasingly anchors organizational risk management in all things cyber and digital.From the excellent discussion of the evolving CISO role and how best to embed it in the organization, to fundamentals like data classification and controls, to advice on tools and techniques, the CISO Desk Reference Guide delivers multiple perspectives on the foundations of organizational cybersecurity. I would say this is essential reading for both aspiring and incumbent Chief Information Security Officers. The CISO Desk Reference Guide helps fill a critical gap in the ever-evolving information security common body of knowledge.

This book is so crafted so well and it's addressed to any security new or seasoned security executive. It demonstrates three different opinions on how to go about solving specific problems. It highlights that an information security program can't be the voice/mind of a single person but that it takes a community. I highly recommend both volumes and I keep mine next to my desk at work as I usually refer to some areas of the books whenever I need additional data or direction. All three authors have a very pragmatic way on how to address risks while enabling the business to continue moving forward. This is the essential ingredient for any security program to be successful.Please check it out, hope there will be future volumes!

The content in this book is awesome. However the print quality could be a lot better. Especially the text insets such as the KEY POINTS or the ACTION ITEMS... the text is too small for comfort reading.Also, I wouldn’t mind paying more for a hard bound copy. These guys should make the quality of the book worth holding for a prospective CISO... instead it looks and feels like a low cost, me-too kind of a school book quality press, I feel.Please get a premium version out...

I received the book fast but there is problem with book wrapping and arrange the paper’s .

This book has no equal in its depth. This is a superbly written text with the authors passion for the topic being evident. The book is insightful and full of practical recommendations for anyone assuming this role or wanting a vector check if already in this role. Simply put, this book is a well written and excellent read.

Great book from great guys. Real world examples

First class reference book along with volume 2. All CISO's should have copies of these.

No brainier buying this book. Superb well worth money

Good read for any aspiring ciso or even yet current ciso/managers.

This is one of the best books that I have read for a Chief Information Security Officer. The authors provide exceptional details that provides detailed insights for a CISO to effectively operate and navigate in a complex organization. I highly recommend this book!