The new book is HERE!!!
Here are two quick shots taken while opening up the first shipment of books! Below the pictures I briefly sum up the intent of the book. Of course, the major book sellers present it better, and you can read the entire back covers and inside flaps here.
A brief overview:
Over the past year and a half I have been putting together a book with the magnificent crew at John Wiley & Sons Publishing (a company that is over 200 years old – a point that makes sense if you skim my final closing chapter). I have had a tremendous amount of help from friends, colleagues, companies, and numerous industry and government enforcement groups. My family was especially kind while I put together the book – allowing me to lock myself in my office while I sought to simplify the book to ultimately become:
A global synthesizing of how society and business has progressed over the past 100 years to integrate information technology, and their relative importance to business. The work is based on an analysis of over 140 separate public frameworks, laws, audit reports, and numerous guidance documents plus personal experience auditing and assessing over a million systems around the world. This effort resulted in an identification of key principles that represent the best practices that globally competitive organizations must adopt to balance the risks and rewards of operating in the 21st century. An action plan is designed to enable businesses to evaluate their important controls and consider the next 100 years.
A great deal of time is spent exploring PCI DSS, NERC, SOX, FFIEC, and their related controls. Plus some interesting challenges related to virtualization, grid computing, and the implied reliability of the Internet backbone. Thank you for taking the time to visit and contribute to this forum, and your feedback and future comments on this site.