Tuesday, October 2, 2007

A Promising New Book: The Pragmatic CSO (Chief Security Officer)

Last week I ran across a book I had not seen before. From the looks of things it reasonably could have been entitled "The Pragmatic CIO/CTO/IT Director/IT Engineer/IT Consultant". It is actually called The Pragmatic CSO. CSO stands for Chief Security Officer. Even if your organization doesn't actually have a CSO, there is a de facto one -- whomever is in charge of IT.

Since anyone within the IT group involved in spec'ing solutions needs to have a connection to the underlying business drivers in order to get buy-in from management for their project to proceed, this book ought to be useful to IT manager and geek alike. At least those that want to see their budget requests approved. :-)

This appears to be a promising resource with some good food for thought and practical approaches all collected together in one place. And, to boot, the approaches that look to be discussed should be readily applicable beyond IT security, to any IT project. No IT project proposal will get very far without a business case.

The book's web site is http://www.pragmaticcso.com. It is available as a regular book or electronically. You can get a sample section e-mailed to you from the web site. Or you can d/l the introduction chapter directly here:


I have only read through the Table of Contents and Introduction and poked around at a few reviews at security blogs I monitor. If anyone else gets a copy and reads through more of it before me, please share your comments.


1 comment:

Mike Rothman said...

Thanks for mentioning the Pragmatic CSO. Although the story is told through the eyes of the IT Security professional, many of the techniques I discuss are relevant beyond just security.

I'd also mention that folks can get the introduction at the download link, if they want my "5 Tips to be a Better CSO," they'll need to register their email on the Pragmatic CSO website. Registering also gives access to the weekly Pragmatic CSO newsletter.

Thanks again.