Page 11 - CISSO_Prep_ Guide
The layout of this book
One objective of this book is to help a candidate prepare for
ISACA's Certified Information Security Manager (CISM®)
certification or (ISC)2’s CISSP®... This book follows the
structure of the current standards in Security Management
including the ISO/IEC 27002 - Security Techniques - Code of
Practice for Information Security Management, ISACA's
COBIT version 5, the Sherwood Applied Business Security
Architecture (SABSA), and (ISC)2's CISSP® CBK®, among
others. This book is intended to assist a person wishing to
advance their knowledge and overall understanding of the
fantastic field of information security management, perhaps
towards obtaining a certification such as Mile2's C)ISSO,
ISACA's CISM®, SANS GSLC, or (ISC)2's CISSP®. Most
of all, the purpose of this book is to provide meaningful benefit
to the person wanting to be better at their job responsibilities in
the field of information security.
The examples used in this book are real and demonstrate the
challenges faced by many security professionals. Hopefully, we
can all learn from their experiences and benefit from the lessons
they have learned. The book is intended to be practical, not just
theoretical. Still, we have learned over the years that knowing
some of the history and theory behind why we do certain things
may also be invaluable in helping us understand how to leverage
the lessons of the past and avoid repeating the same mistakes.
In summary, the most benefit from this book can be obtained by
seeing the topics as:
- Practical, not just theoretical.
- Useful, not just conceptual.