
Member Reviews

Redefining Information Security was a really interesting read. It's billed as being for security and technology leaders - as I was reading I was thinking about this, and I actually think it would probably be most useful for IT leaders who haven't done too much in the way of security governance, or alternatively for earlier career people working in security who may be really into the tech but would like to learn more about the bigger picture. The bulk of the book gives a great overview of today's threat landscape, challenges businesses face, what a CISO needs to think about and do, risk management and other threads of activity you'll see in most larger enterprises - giving food for thought for smaller companies too. For me the most insightful parts of this book were "Practical implementation: from theory to action", particularly setting security objectives, which is a concept that can be difficult for boards to grasp. The chapter on "Metrics for security empowerment" was a close second; it did what it said on the tin, giving solid ideas for what to measure. Definitely worth the time spent reading, and I'd recommend it to others.