BKSECGOV.RVW 20061110

"Security Governance", Fred Cohen, 2005, 1-878109-37-5
%A Fred Cohen http://all.net
%C 572 Leona Dr, Livermore, CA 94550
%D 2005
%G 1-878109-37-5
%I Fred Cohen and Associates
%O 925-454-0171 all.net
%O http://www.amazon.com/exec/obidos/ASIN/1878109375/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1878109375/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1878109375/robsladesin03-20
%O Audience a Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 96 p.
%T "Security Governance: Business Operations, Risk Management, and Enterprise Security Architecture"

Most of the security frameworks available are in the form of a checklist, so why shouldn't Cohen's CISO Toolkit (see also BKCISOGG.RVW for the "Governance Guidebook" and BKCISOHB.RVW for "The CISO Handbook") have one? In fact, Cohen's version may be considerably easier to understand and use, particularly for those with a business, rather than a security, background.

While most security frameworks are structured according to a taxonomy of security concepts, the checklist in "Security Governance" is based on business models and concepts. For example, the four major divisions are made on the basis of business functions and modelling, oversight, business risk management, and enterprise security management. Therefore, the businessperson working through the points will start with the familiar, and only later have to face items directly discussing security. (Even then, the security issues are those regarding the position and management of security within the organization.)

Regardless of other security frameworks that you may use, Cohen's checklist will be of value. While many items will have relations to details in other indices, the articles and entities in "Security Governance" address a number of issues that are not found in most security frameworks. Let's face it: regardless of the emphasis or perspective, security frameworks tend to follow the same general outline. Cohen's work is idiosyncratic--and, in this case, that's a useful characteristic.

Also, most security frameworks give you a checklist of about 135 items for roughly U$150: Cohen gives you over 900 points for U$49.00.

copyright Robert M. Slade, 2006 BKSECGOV.RVW 20061110