K**R
Nine Steps to Success: an ISO 27001 Implementation Overview
As an IT professional starting the journey of implementing the ISO 27001 framework, I found this book by Alan Calder to be extremely useful. It's like having a $300/hr consultant at your elbow as you consider the aspects of gaining management support, planning, scoping, communication, etc. It's a short book, but written from first-hand experience. It can also be shared with the other stakeholders in your organization to build an understanding of what an ISO 27001 project means.
P**N
if you are CISSP like I am
This review does not question the author's experience or expertise; it solely refers to the contents of this specific book. This book gives little to no value for the reader, as the 9 steps for success turn out to be key phrases you'll find anywhere on the web when searching for ISMS or ISO27001, e.g. get top management commitment, define strategic and operational levels, raise awareness, etc. Also, if you are CISSP like I am, these "steps" were drilled in during your training and are core parts of the CISSP exam (and are basically common sense too). There is little to no actual ISO27001 guidance in this book. Instead the author focuses very hard on pointing the reader to his other books. Judging by the page count those will no doubt be quite extensive and detailed, so again: no disrespect to the author intended. I just don't appreciate spending money on a book only to find out it is a sales pamphlet for other books. The author also seems to make a point of discouraging the use of consultants as security experts, which I, being a freelance consultant who tries to deliver as much value to my customers as possible, found increasingly annoying and even offensive at times. I would have preferred spending these dollars on another book.