This guy knows his stuff - perfect for a manager and even a technical manager too.
Verified Purchase
This review is from: How to Cheat at Managing Information Security (Paperback)
Straightforward with a bit of British humour (not a bad thing).
A little out of date (e.g. only passing reference to PCI) but principles and most of the tech is still true.
If you take his advice you'll go far: Strategy, then tactics, then processes, procedures etc, do good audits of everything, proper planning - sounds obvious but most people rush headlong into trying to tick off the gap analysis points without defining and designing and implementing an overall solution properly. Do a Risk Analysis (or whatever you want to call it)!