Information Security Governance Simplified: From the Boardroom to the Keyboard

Information Security Governance Simplified: From the Boardroom to the Keyboard. By Todd Fitzgerald. CRC Press; crcpress.com; 431 pages; $79.95; also available as e-book.

Juggling two balls is something that most people can do, but juggling six balls takes dexterity and practice. Juggling the complexities of current IT environments requires a significant amount of skill. Besides considerations of technical, business, and financial elements, there also are regulatory requirements for oversight and governance.

In Information Security Governance Simplified, author Todd Fitzgerald provides an excellent over­view on how security managers can create an effective information security program without breaking the bank. He shows the reader how to create a governance program that includes all of the necessary managerial, technical, and operational controls. Creating such a program is not a trivial endeavor, and Fitzgerald offers numerous tips and real-world examples.

The book has 30 pages of operation controls detailing all of the points needed to create a governance program. Controls are mapped according to various regulatory requirements. Anyone looking for a comprehensive guide on creating an information security governance program written in a readable manner will find this book to be a great resource. Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is an information security manager with Wyndham Worldwide Corporation. The views expressed are his own.

Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is an information security manager with Wyndham Worldwide Corporation. The views expressed are his own.