This book is almost completely focused on how to deal with the people and the culture within an organization in your role as a security manager. That is not meant as a complaint. Getting things done for security within an organization depends heavily on how other people and departments cooperate with you.
From a techie point of view, this is not what you would be dealing with every day. As a CISO though, this is vital information for managing both the internal team and the relationships within the organization to ensure you are doing your best in your role.
The subjects covered in the book are:
- Cultivating relationships within the organization
- Ensuring alignment of the job role with the organization's requirements
- Foundation of the security program
- Communicating the role of security well to others within the company
- Depending on others to ensure their products and services comply with overall security requirements
- Managing your team
- Measuring for ROI
- Dealing with audits and auditors
It also highlights the requirement that a CISO be somewhat familiar with the technology involved, without needing to be an expert in it.
Overall it is a quick read and definitely worth going through at least once.