[Home] [Catalog] [Category] [Previous Item] [Next Item] [Checkout] [Review Cart] [Button]
[Logo Image]

MORE Backlist & Bargains

Information System Security Officer Gde

[Item Image]
Information System Security Officer's Guide:
Establishing and Managing an Information
Protection Program. 2004, Dr. Gerald L.
Kovacich. 400 pages. 50% OFF SALE!
The Information Systems Security Officer's Guide:
Establishing and Managing an Information Protection Program
by Dr. Gerald L. Kovacich, CFE, CPP, CISSP

* Six new chapters present the latest information and resources to counter
information security threats
* Every chapter contains opening objectives and closing summaries to
clarify key
* Accessible, easy-to-read style for the busy professional

- - - - - - - -
- - -

“Introductory books to the job of Information Systems Security Officer have been
needed for a long time. Dr. Gerald L. Kovacich has taken a significant step towards
that need with his book Information Systems Security Officer’s Guide. This is a
small volume,
only 172 pages long, which is easily read and to the point. It is suited for self-study
as well as
for introductory courses, in the private as well as in the public sector.” - - -
Security Bulletin, December, 1999.

- - - - - - - -
- - -

“Information systems security continues to grow and change based on new
technology and
Internet usage trends. In order to protect your organization's confidential
information, you
need information on the latest trends and practical advice from an authority you
can trust. The
new ISSO Guide is just what you need.

“Information Systems Security Officer's Guide, Second Edition, from Gerald
Kovacich has
been updated with the latest information and guidance for information security
officers. It
includes more information on global changes and threats, managing an
information security program, and additional metrics to measure organization
performance. It
also includes six entirely new chapters on emerging trends such as high-tech
investigative support for law enforcement, national security concerns, and
security consulting.

“This essential guide covers everything from effective communication to career
guidance for
the information security officer. You'll turn to it again and again for practical
information and
advice on establishing and managing a successful information protection program.

- - - - - - -

“The following statements are what others who have read the first edition of The
Systems Security Officer's Guide: Establishing and Managing an Information
Program have said:

“If you are looking to grow as a security professional, this book can definitely help
Regardless of if you're just getting started in the industry or if you have 20 years
under your
belt, you will learn something from this author. It discusses everything from
yourself, getting hired, planning, hiring staff, performing risk management,
classifying your
information, doing metrics analysis and of course how to deal with people and
politics in your
"ISSO" position. A definite must have for anyone looking to manage an Information
program for an organization.-Scott C. Sanchez, CISSP, New York, NY, USA

- - - - - - -

“I read this book for an Internet Security course and I was very intrigued with its
handling of
the subject matter. As the title suggests, it is a guide for an ISSO's job. It gives
clear insight
as to what you should be focusing on and how you should expect to handle your
day to day
job and also how important it is to get the entire company involved in your efforts. I
this book very much.” Arthur E. Gousby III, Hoboken, NJ, USA

- - - - - - -

“This guide is a very comprehensive introduction to everything an information
system security
officer should know, plan and do. It contains valuable information for personal
marketing. It is
an easy understandable book with lots of factual information-my favourite tutorial of
the year.”
- Lilian Hages, Germany

- - - - - - -

“I have found the Information Systems Security Officer's Guide by Dr. Gerald
provides many gems of wisdom, not only valuable to me as a former ISSO, but
also in my
role as a business continuity planning (BCP) professional. For example, I've
struggled with
how to facilitate BCP communication and interaction among our mission-critical
organizations. Making the BCP charter consistent with the company's Strategic,
Tactical and
Annual Plans, as Dr. Kovacich suggested, has provided the needed common
thread of BCP
motivation for rapid deployment. Most importantly from a personal perspective, the
idea of
the ISSO Portfolio in the chapter titled "How to Market Yourself as an ISSO" is
worth its
weight in gold! By following Dr. Kovacich's advice, I was able to effectively compete
for and
win my current global BCP management job.” - Robert L. McCord, Senior
Worldwide Business Continuity Programs, Ingram Micro Inc., California, USA

- - - - - - -

“Having both a law enforcement and private sector background, I appreciated the
premise of
Dr. Kovacich's book as it related to the information Security Officer's duties and
His approach will enable the reader to better understand the corporate environment
concerning, not only the management process involved in protecting information,
but also the
importance of communicating and interacting with the organization in a way that
people feel
motivated to develop and maintain a successful and effective InfoSec program. The
discusses important management tenets and procedures which demonstrates the
insight and experience in dealing with "real world" InfoSec issues. This book is
easy reading
and provides a clear understanding of the information security functions by taking
the reader
through the business and management environment and at the same time
stressing a very
important point that is often overlooked, i.e., an awareness and expectation that
change is
constant. I've recommended this book to those who are currently in the information
business and anyone who is attempting to pursue a career in this field. This book
would be
an ideal supplement to a variety of college courses and/or seminars pertaining to
and information technology.” - Jerry Swick, WorldCom Network Security
Operations Center,
Investigative Services, Los Angeles, California, USA

- - - - - - -

“Greater than I expected. Well thought-out and organized; written in simple, clear
good advice and guidelines for the new ISSO; excellent examples of using
techniques and tools for establishing an effective InfoSec program; forward looking,
especially the chapter on 21st Century Challenges for the ISSO. This is a
one-of-a-kind book
for the InfoSec professional and a must reading by all people interested in an
InfoSec career.
Even the experienced ISSO can find great value in this book. If an ISSO followed
guidance offered, success is almost a certainty. A book that should be adopted for
study in business management, computer science, and information security
courses.” -
Motomu Akashi, Security Manager and Software Engineer, Ford Aerospace
Western Development Labs (Retired), Palo Alto, California, USA

- - - - - - -

“Shows good research done prior to writing. * Written in easy to understand terms.
* Very
well organized. * Contains highly factual information. * Accurately portrays the
ISSO position.
* A must for any person responsible for developing and maintaining corporate
Systems security processes. * This guide is the best on the market today.” - J.
Ervin, former
Automated Information Systems Security Supervisor, Northrop Grumman
Palmdale, California, USA

- - - - - - -

“Companies are paying closer attention to information security management
issues. Those
who don't have policies and procedures are putting them together, and those that
have them know they need constant management. The world needs knowledgeable
infosecurity managers, but experience is hard to come by. If you're one of those
trying to get
a foot in the door, even if you already have a nonmanagement InfoSec job, you can
use all
the advice you can get. Information Systems Security Officer's Guide may be just
what you
need to get started.” - Information Security Magazine book review by David J.
October 2002

- - - - - - -


About the Author
Introduction by William Boni, Edward Halibozek, Andy Jones, and Steve Lutz

1. Understanding the Information World Environment
2. Understanding the Business and Management Environment 3. Understanding
Threats to Information Assets
4. The International Widget Corporation (IWC)

5. The ISSO's Position, Duties, and Responsibilities
6. The InfoSec Strategic, Tactical, and Annual Plans
7. Establishing a CIAPP and InfoSec Organization
8. Determining and Establishing InfoSec Functions
9. Establishing a Metrics Management System
10. Annual Reevaluation and Future Plans
11. High-Technology Crimes Investigative Support
12. InfoSec in the Interest of National Security

13. The Related World of Information Warfare, Information Operations, and
14. The ISSO and Ethical Conduct
15. ISSO Career Development
16. How to Market Yourself as an ISSO
17. So, Are You Ready to Become an InfoSec Consultant?
18. 21st-Century Challenges for the ISSO


- - - - - - -


“Because of the popularity of the first edition of this "ISSO" book, the publishers
asked me to
do a Second Edition. When I agreed to write a second edition, I wanted to be sure
not only
that it would be brought up to date, but that it would continue to be a useful
reference for you,
the reader. Over the years since the book was first published, I have received
comments and
recommendations as to the book's content and what should be included in any
new editions.
I also solicited numerous information systems security (InfoSec) professionals for
comments. Based on everyone's input, this new edition was written.
The changes in this edition include:
- An update of all chapters;
- The rearrangement of the chapters based on InfoSec professionals' input
what they considered a more logical flow;
- The dividing up of the chapters of this book into three major sections:
Section I: The Working Environment of an ISSO;
Section II: The Duties and Responsibilities of an ISSO; and
Section III: The Global, Professional, and Personal Challenges of an ISSO.
- Six new chapters:
Chapter 3, Understanding Today's Threats to Information Assets;
Chapter 11, High-Technology Crimes Investigative Support;
Chapter 12 , InfoSec in the Interest of National Security;
Chapter 13, The Related World of Information Assurance, Information
and Information Warfare;
Chapter 14, The ISSO and Ethical Conduct; and
Chapter 17, So, Are You Ready to Become an InfoSec Consultant'?.

“As with any book, sometimes the readers were critical of this book's first edition.
That's fine
if one can sit down and discuss InfoSec and ISSO responsibilities with the critics.
After all,
they have important points that could be considered when updating the book.
However, that
is usually not possible.

“So, with all that said, let me state for the record what this book is not:
- It is not a book that is the "end all and be all" of ISSO and InfoSec
duties, and responsibilities. The rapid changes in information environments, high
etc., make such a book impossible.
- It is not a technical book and does not purport to be-it will not tell you how
a firewall. The rationale is that there are many good books on the market that cover
aspects of InfoSec, nar rowly focused and very technical. It is expected that the
ISSO will
read these books as needed based on specific InfoSec needs of the ISSO.

“In short, this book's goal is to provide a basic overview of the InfoSec
professional's (ISSO)
world, duties, responsibilities and challenges in the 21st century. It is a primer. It
is about an
ISSO who must establish and manage an InfoSec program for an international
although all of the material is applicable to various work environments, such as
agencies or charitable organizations.

“It was written because over the years many associates and I had to establish and
such organizations and found no primer to guide us, So, over the past 40 years
that I have
been involved in various aspects of security, eventually focusing on InfoSec and its
functions in about 1980, I think I have developed a basic approach that has been
Others who have read this book, listened to my lectures based on what became
this book,
and whom I have mentored over the years have agreed with me.

“So, if you are an InfoSec techie, engineer, or the like looking for the Holy Grail of
protection, that is not what this book is about. However, if you want an ISSO
career, want to
know what the ISSO pro fession is all about, and want to be able to build a
foundation for a
successful InfoSec program and organization, then yes, this book is for you. This
book was
also written for non-InfoSec professionals in management positions, such as
security directors and business managers, who are responsible for overall
agency and business assets protection. These professionals should also know
what the
ISSO profession is all about and the basics of information assets protection.

“This book can also be used as a textbook or "recommended reading" for
university courses
related to security and information systems security. I hope you enjoy it.”

- - - - - - - -


Foreword by John P. Kenney
Understanding the Information World Environment
Understanding the Business and Management Environment
The Corporation Incorporated
ISSO Career Development
How to Market Yourself as an ISSO
The ISSO's Position, Duties, and Responsibilities
The InfoSec Strategic, Tactical, and Annual Plans
Establishing an InfoSec Program and Organization
Determining and Establishing InfoSec Functions
Metrics Management
Annual Reevaluation and Future Plans
21st Century Challenges for the ISSO
Recommended Readings
About the Author

- - - - - - - -


“DR. GERALD L. KOVACICH graduated from the University of Maryland with a
degree in history and politics, with emphasis in Asia; the University of Northern
with a master's degree in social science with emphasis in public administration;
Gate University with a master's degree in telecommunications management; the
Language Institute (Chinese Mandarin); and August Vollmer University with a
degree in criminology. He was also a Certified Fraud Examiner, Certified Protection
Professional, and a Certified Information Systems Security Professional.

“Dr. Kovacich has over 40 years of industrial security, investigations, information
security, and information warfare experience in both the U.S. government as a
special agent
and business as a technologist and manager for numerous technology-based,
corporations as an ISSO, security, audit and investigations manager, and
consultant to
United States and foreign government agencies and corporations. He has also
and managed several internationally based InfoSec programs for Fortune 500
and managed several information systems security organizations, including
service and support for their information warfare products and services.

“Dr. Kovacich has taught both graduate and undergraduate courses in criminal
technology crimes investigations, and security for Los Angeles City College,
College, Golden Gate University, and August Vollmer University. He has also
internationally and presented workshops on these topics for national and
conferences, as well as writing numerous published articles on high-tech crime
investigations, information systems security, and information warfare, both
nationally and
internationally. He has written more than 100 security-related articles that have
published in various international magazines.

“Dr. Kovacich currently spends his time on Whidbey Island, Washington. He
continues to
conduct research, write, consult, and lecture internationally on such topics as:
- Global and nation-state information systems security;
- Corporate information systems security;
- Corporate and government fraud;
- Corporate security;
- High-tech crime investigations;
- Information assurance;
- Proprietary information protection;
- Espionage, including Netspionage, economic, and industrial; and
- Information warfare-offensive and defensive.

“He is also the founder of ShockwaveWriters.Com, an informal association of
researchers, and lecturers who concentrate on these topics.”

- - - - - - - -
2004, 400 pages. Order #DR723.
- - - - - - - -
[Home] [Catalog] [Category] [Previous Item] [Next Item] [Checkout] [Review Cart] [Button]

Rothstein Associates Inc.

4 Arapaho Rd.
Brookfield, CT 06804-3104 USA
1-888-ROTHSTEin; (888.768.4783)
Telephone: 203.740.7444; 888.768.4783
Fax: 203.740.7401
E-Mail: info@rothstein.com

"Keep Me Posted"

Business Survival Newsletter

Rothstein Associates, Inc. is a BBB Accredited Business. Click for the BBB Business Review of this Financial Planning Consultants in Brookfield CT

SecurityMetrics for PCI Compliance, QSA, IDS, Penetration Testing, Forensics, and Vulnerability Assessment

Contact Us | The Rothstein Catalog on Disaster Recovery | The Rothstein Catalog on Service Level Books
Original Feature Articles | Disaster Recovery Forum | Today's Industry News | Links to Industry Web Sites
Management Consulting Services | Business Survival ™ Newsletter Business Survival ™ Weblog (New!)
‘Keep Me Posted’ | Privacy Policy | Site Map | RSS Feed | Rothstein Publishing


E-mail Rothstein Associates Inc.