IT Security Management
How to set up an IT Security function
After long months and long hours of research, writing and editorial work, there is a new book I recommend on the topic of IT Security Management and how to create, grow and develop an IT security team while providing business value.
There is an extensive bibliography delving into the field of IT Security, from very technical aspects to information governance. However, there are not many titles that combine a technical and a human view of how to create an IT security team, a team of IT Securiteers.
It is published by Springer within their Lecture Notes in Electrical Engineering series. This book is a key component for building the syllabus of a Master's degree in Information Security or IT Security Engineering.
Its title is "IT Securiteers: How to set up an IT Security function".
You can find it, together with a brief intro, on the publisher's site (Springer) and on Amazon, among other sites.
(If you have any comments on the content, feel free to leave them here!)
You can also "follow the book" on Twitter @itsecuriteer.
The following words come from the publisher's site:
IT securiteers - The human and technical dimension working for the organisation
Current corporate governance regulations and international standards lead many organisations, big and small, to the creation of an information technology (IT) security function in their organisational chart or to the acquisition of services from the IT security industry. More often than desired, these teams are only useful for companies’ executives to tick the corresponding box in a certification process, be it ISO, ITIL, PCI, etc. Many IT security teams do not provide business value to their company. They fail to really protect the organisation from the increasing number of threats targeting its information systems.
IT Security Management provides an insight into how to create and grow a team of passionate IT security professionals. We will call them “securiteers”. They will add value to the business, improving the information security stance of organisations.