Sometimes I’m asked why I wrote this book, and my answer can be summed up by a very simple story. While I worked for a large audit firm, I was phoned up by an auditor I vaguely knew. “Hi, I have an interview for the position of security manager next week,” he said with obvious enthusiasm. “I know it’s got a lot to do with passwords and hackers, but can you give me more details?”

He must have thought I hung up by mistake because he phoned back—twice!

This book isn’t the most comprehensive security text ever written, but I think it contains many of the things you need to understand to be a good IT security manager. It’s exactly the kind of book my auditing chum would never buy.