Posts

Showing posts from February, 2025

Philosophical phriday - today's "tech audit" universe

Yesterday I blogged about ISO/IEC 2382 - Information technology - vocabulary. In particular, one of the ~2,000 ISO definitions stood out enough to catch my beady eye: “Computer-system audit: examination of the procedures used in a data processing system to evaluate their effectiveness and correctness, and to recommend improvements”. Errrr, that covers some of the audit work I have undertaken, led/managed, been subjected to or heard about in my career* but omits rather a lot e.g.: IT governance arrangements, strategies, information risk and security management, direction and oversight, structure, integration with other business functions, rôles and responsibilities, accountabilities, reporting lines, assurance, continuous improvement, barriers and progress; Staffing levels and competencies, recruitment and retention, succession planning, contractors and consultants; Security administration, joiners/movers/leavers, culture, awareness and training, accounts/identif...

Throwback Thursday - koalas and magnetographics

This week, I'm thoroughly engrossed by a deep dive into ISO/IEC 2382, a suite of standards on IT terminology from the 1990s around the end of the previous millennium - ancient history as far as IT goes. "ISO 2382 was initially based mainly on the usage to be found in the Vocabulary of Information Processing which was established and published by the International Federation for Information Processing and the International Computation Centre, and in the American National Dictionary for Information Processing Systems and its earlier editions published by the American National Standards Institute (formerly known as the American Standards Association). Published and Draft International Standards relating to information technology of other international organizations (such as the International Telecommunication Union and the International Electrotechnical Commission) as well as published and draft national standards have also been considered." I say "IT" but it...

Book review: The CISO Playbook

The CISO Playbook by Andres Andreu ISBN: 978-1032762074 US $48 from Amazon (softback) GH rating: 70% Summary The CISO Playbook is a valuable resource for cybersecurity specialists seeking to build on their technical competencies and progress, or for mid-level IT professionals looking to deepen and extend their understanding of cybersecurity technologies. However, aspiring or newly promoted or appointed CISOs seeking practical advice on the leadership and management challenges of a true C-suite role are out of luck. The book leans towards technical details rather than leadership and management topics, core parts of the CISO role. While the technical coverage is commendable, the book would benefit from a broader perspective that encompasses the full scope of a CISO's senior management responsibilities. Frankly, and despite the title, the approach described is, I feel, better suited to Cybersecurity or Information Security Managers, heads of department...