Introduction ◾ xix
SIDEBAR: HOW TO READ A BUSINESS BOOK
1. Decide, before you start, that you’re going to change three things about what you do all day at work. Then,
as you’re reading, find the three things and do it. The goal of the reading, then, isn’t to persuade you to
change, it’s to help you choose what to change.
2. If you’re going to invest a valuable asset (like time), go ahead and make it productive. Use a postit or two,
or some index cards or a highlighter. Not to write down stuff so you can forget it later, but to create marching
orders. It’s simple: if three weeks go by and you haven’t taken action on what you’ve written down,
you wasted your time.
3. It’s not about you, it’s about the next person. The single best use of a business book is to help someone
else. Sharing what you read, handing the book to a person who needs it…pushing those around you
to get in sync and to take action—that’s the main reason it’s a book, not a video or a seminar. A book
is a souvenir and a container and a motivator and an easily leveraged tool. Hoarding books makes
them worth less, not more.
Seth Godin
Terms Used in This Book
Business unit—To eliminate confusion between the organization as a whole and the business
suborganizations such as departments and divisions, the term business unit has been chosen
to refer to these suborganizations.
Consumer/Customer—The terms consumer and customer are used in a general sense. These
terms include those external entities that purchase products or use services from the organization
as a whole, as well as those external or internal entities that use the services of a
business unit within the organization—for example, business units that use security services
and/or products and are subject to security governance.
Core Competencies—Core competencies are the specific strengths of an organization that
provide value in a market space.
Core Values—Core values are the operating principles that guide an organization’s conduct
and relationships.
Corporate security—The terms corporate, physical, and facilities security refer to the group
that manages the security of physical assets such as facilities, equipment, and inventory.
Corporate security is typically responsible for surveillance, building access controls, security
officers, loss prevention, and associated events.
IT security—IT security refers to the group that manages the security of information assets
stored, processed, and transferred on computer-based technologies. IT security is typically
responsible for the confidentiality, integrity, and availability of digital information, compliance
with statutory, regulatory, and industry requirements, and business continuity/disaster
recovery planning for IT services.
Organization—This term, used in a generic sense, refers to for-profit and nonprofit businesses
(companies, corporations, and enterprises) and government entities/agencies.
Security—This book takes a holistic approach to security, so the terms security and security
group encompass both corporate and IT security functions.
Security group—To eliminate confusion between the organization as a whole and the security
suborganization, the terms security group or security function have been chosen to refer to the
security suborganization.
Stakeholder—A stakeholder is a party who is or may be affected by an action or actions taken
by an organization, for example, employees, managers, board members, shareholders, customers,
contractors, vendors, and partners.