More Recommended Reading

Information security should be managed using similar methods to any other business process.  As such, Russell Ackoff is one of our most celebrated management thinkers;  he has much to offer to the practice of security management.  This book is a compilation of essays under several of his major themes.  One is the necessity for systems thinking in developing solutions to problems.  This concept is especially critical to management of information security, given its holistic objectives.  A second theme is managing for change.  This is another great security objective, since threats are never predictable and the organization must be able to adapt with suitable controls.  Other essays on  mission statements ("it should...enable progress toward objectives to be measured"), planning and management systems will be a good source of ideas that can be applied to improve any security management program.