Table of Contents:
Initially I was motivated to write a book on the topic and this was to be the summary I would submit to publishers. I intended to write a 100-200 page book that would essentially expand each section into a chapter. After a lot of initial enthusiasm, I rapidly bogged down when my research indicated that a new author has about as much chance of publishing a successful book as he has of winning the lottery. Several years ago I tried to market a proposal to write an information security book targeted toward middle managers giving them the tools and information to cost-justify the addition of security to IT projects. Even though I had a really nice sound byte from a senior Microsoft security engineer, I wasn't able to get interest from either of the publishers I approached (yes, I know that people get rejected all the time, but I can easily live without being a published author, so don't care for it). This time I felt I would make use of a literary agent thinking that would help solve my problem, but it seems that getting an agent is at least as much work as getting a book published in the first place! Add to all this the fact that a well received book sells 10-20K copies (in total!) and the average payment to the author is $1-3 per book, and you can see how there isn't a lot of economic payback. So, I dropped the idea and stuck the proposal here where probably a handful of friends and family will see it and that will be all. Such is life...
Note: if you would like to discuss this paper, I have started a blog and you can access the post on this paper here.
If you would like to discuss the article, please go here.