IT Security Risk Control Management

Being audited many times during my career has opened my eyes to how important it is to cooperate with the security agents, to know deeply how to trace risks, and to build controls to mitigate their effects. Raymond Pompon is what you would call the specialist's specialist: he started working in the network area and moved to the security area, where he became a director. His knowledge and experience are so solid that they make this book an authority when it comes to security standards.

While reading, you can absorb many of the most modern and efficient methodologies and procedures for securing an organization. With its many analogies, it becomes really easy to associate the threats with common situations of everyday life and, with that, to see the real importance of shutting some doors.

A large part of the book is aimed at people who want to get their business audited. For them, it presents the specifications, documentation and special procedures needed.

This isn’t the reason why I chose to read this book in the first place, but aside from the audit technicalities, Raymond wrote tons of good practices to be applied in a business environment. He raised all of the most likely risks a company may be threatened with, and for each one of them he presented many workarounds and many controls to completely eradicate those risks or at least minimize their likelihood and impact.

He also shows the importance of cooperation and how the security of a business is a job for every person and not only for the security team. He shows how to set up committees and how to pick someone in each department with a security-comes-first mentality to represent the committee in that particular department.

Another highlight is how the book brings up all the cases where people did not think that security measures were important and how this scenario can lead a company into many complications. Some of them face the most complete and dark chaos right until the business is extinguished, not before leaving the owners and the accountable workers with all the painful legal charges. There were also other cases where only economic losses happened, but that can still be dreadful as well.

This book is suitable for every IT professional, whether in or out of the security area; it brings together important and desirable knowledge for those seeking greatness in any IT segment.