The Executive Guide to Information Security (Paperback) | Released: 10 Dec 2004

Praise for The Executive Guide to Information SecurityPraise for The Executive Guide to Information SecurityEvery CEO is responsible for protecting the assets of their corporation--the people, intellectual property, corporate and customer information, infrastructure, network, and computing resources. This is becoming both more important and more difficult with the rise in the number and sophistication of cyber threats. This book helps the CEO understand the issues and ask the right questions to implement a more effective strategy for their business.--Steve Bennett, president and CEO, IntuitMark Egan and Tim Mather help nontechnical executives gain a comprehensive perspective over the security challenges that all companies face today. This book is well structured and practical. Yet, it also stresses that a strategic approach to cyber security is essential, and that tone at the top will determine the effectiveness of any corporate cyber security policy. palmOne, and PalmSource, IncThis book is not about cyber security; it s about managing one s company and the role that cyber security plays in that scenario. It s chilling to think of how vulnerable the assets of a business are on a computer network; this book is a fire alarm in the night for business executives to realize computer security is not a tech issue--it s a business issue worthy of the same attention and priority that business executives might place on any other mission-critical element of their company.--George Reyes, CFO, GoogleThis is a must read for any executive of any size company. The Internet makes all businesses equal in that they are subject to the same types of threats regardless of their product. In this book, the CIO and security director of one of the top security companies makes the business case for security and tells you what to do to successfully mitigate threats.--Howard A. VP CISO eBayThis book gives an excellent overview of the issues around securing information at a time in our history when information is extremely vulnerable to outside attack, retrieval, or manipulation. Steps taken now can make a huge difference to a company s ability to survive and thrive in a heterogeneous attack culture.--Bob Concannon, Global Practice Leader, Boyden Global Executive SearchFew if any books expose the business executive to the serious and critical nature of existing and evolving security issues using nontechnical terms. Executives can no longer afford to delegate the responsibility and accountability for security without understanding the issues and without assuming the ultimate responsibility for security in the firm. This book should become required reading for every business executive, regardless of product or company size.--John Moreno, chair, MS in Information Technology, Golden Gate UniversityThis book details the what, why, and how to solve issues of information security in business today. basics of information security in a very understandable way, and reviews approaches for addressing these risks and threats.--David Schwartz, managing director, Derivative Products Risk Advisors, Inc.This book fills a void by addressing the key criteria executives need to consider when implementing an effective information security plan within their organization.--Shobana Gubbi, former project manager of IOS Technologies, CiscoA Business-Focused Information Security Action Plan for Every ExecutiveToday, every executive must understand information security from a business perspective. Now, this concise book tells business leaders exactly what they need to know to make intelligent decisions about security--without ever getting lost in the technical complexities.The Executive Guide to Information Security offers realistic, step-by-step recommendations for evaluating and improving information security in any enterprise. From start to finish, the focus is on action: what works and how to get it done. security challenges and obligationsTrends in security attacksSystematically identifying your risks and vulnerabilities Implementing best-practice processes for access, acceptable use, training, strategy, and emergency responseEffective executive leadership, governance, and metrics Staffing security--coping with a shortage of expertiseWhether you re a CxO, a line-of-business executive, or an IT executive who needs to get colleagues up to speed, this is the nontechnical, business-driven security briefing you ve been searching for.Mark Egan is chief information officer and vice president of the Information Technology Division of Symantec. In
About the Author:

The Executive Guide to Information Security About the Authors

Mark Egan is Symantec's chief information officer and vice president of information technology. He is responsible for the management of Symantec's internal business systems, computing infrastructure, and information security program. Egan led the rapid transformation of Symantec's internal information systems over the past four years, as the company grew to be the leader in Internet security. Egan brings more than 25 years of information technology experience from a variety of industries. Prior to Symantec, he held several senior-level positions with companies including Sun Microsystems, Price Waterhouse, Atlantic Richfield Corp., Martin Marietta Data Systems, and Wells Fargo Bank. He is a member of the American Management Association's Information Systems and Technology Council and serves on the technical advisory boards for Golden Gate University and the Center for Electronic Business at San Francisco State University. Egan is also co-chair of TechNet's Cyber Security Practices Adoption Campaign. Egan was a contributing author to CIO Wisdom and is a frequent speaker on best practices for information technology and information security.

Egan holds a master's degree in finance and international business from the University of San Diego and a bachelor's degree in computer sciences from the University of Clarion.

Tim Mather is Symantec's vice president and chief information security officer and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Manager (CISM). As the chief information security officer, he is responsible for the development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities. He also works closely with internal products groups on security capabilities in Symantec products. Prior to joining Symantec in September 1999, Mather was the manager of security at VeriSign. In addition, he was formerly manager of information systems security at Apple Computer. Mather's experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications, and intelligence (C³I) project, which involved both civilian and military departments and agencies.

Mather holds master's degrees in national security studies from Georgetown University and international policy studies from Monterey Institute of International Studies. He holds a bachelor's degree in political economics from the University of California at Berkeley.