Douglas Spencer

Unusually, a book review.

I'm studying ISO17799.

I have a book, "IT Governance", by Alan Calder and Steve Watkins. It's billed as a manager's guide to data security and this standard.

Now, I'm used to reading books -- I think they're called "popularisations" -- which attempt to translate difficult and involved topics into plain English for the lay reader. Easily a third of my non-fiction falls into this class. Most of them are very good at achieving this translation without losing the precision of the source material.

This one isn't.

It repeatedly uses terms which are quite evidently technical terms with precise definitions within the standard. The trouble is that it doesn't define these terms anywhere in the text; they don't appear in the (otherwise half-decent) index; it's not clear from context what these terms mean; and they're used in different places in ways which aren't consistent with each other, and which can't be.

It means that the only way a non-technical person can gain a proper feel for how the standard should be applied is to read the standard itself, which is huge and dull and dry ... or get some other book which translates it into English.

Not this one.

