Covers every detail, including some missed in other books. This thorough book provides a clear roadmap to designing, implementing and operating IT Security Management. The author leaves no key process out and completely covers everything from initial concept to measuring effectiveness and process improvement. The book starts with an initial strategy that is focused on planning IT Security Management services that are completely aligned to requirements and are based on a mission statement. This business-oriented approach is refreshing and will keep IT grounded in the real reasons for a IT Security Management. More importantly is the process for careful selection of services to provide. An overly ambitious set of service goals will kill a IT Security Management implementation early in its life by offering too much before there is a stable IT Security Management process in place. This book is realistic and lays the foundation for a successful implementation. The section on the actual design of the IT Security Management structure provides insights and information that can be applied to a large number of solutions. Since IT Security Management will be organized in accordance with requirements and unique mission statements, this section of the book is like a catalog of patterns. It has excellent tips on how to best structure IT Security Management to meet requirements and mission. The information on accurately estimating requirements is consistent with industry best practices and something that, believe it or not, is often overlooked when IT Security Management is established. This book gets into the meat by thoroughly covering the processes that are essential to running ITSecurity Management. There are many topics that stand out as both unique [to books of this genre] and reflect best practices by the best-run IT Security Management Managers. Examples are change control, disaster recovery and vendor management. These topics show that the author not only considers business alignment, but also cross-functional alignment within IT. Professional resources and underlying technology are provided in detail. This book contains an in-depth coverage of operational requirements for IT Security Management once it has been implemented. It hits all of the critical success factors, such as performance metrics, service level agreements, communications and internal evaluations. It even has a chapter on marketing, which is something that is important but not often done by most IT Security Management Managers. This proactive approach to keeping users (your customers) informed of new services, accomplishments and tips is excellent and will go a long way towards attaining high customer satisfaction scores - not to mention proving the value of the IT Security Management to IT and business management. You will find this book to be one of the best for planning and implementing world-class IT Security Management.