Book Reviews: Information Security Books and Product Reviews – Information Security Management Principles

Book Title: Information Security Management Principles

Subtitle: An ISEB Certificate

Author(s): Andy Taylor (Editor), David Alexander, Amanda Finch, David Sutton

Publisher: British Computer Society (BCS)

Date of Publishing: October 2008

ISBN(13): 9781902505909

Price (UK & US price – full price, not discounted price): £24.95, $44.95

URL of Publisher Site: British Computer Society

URL of Amazon UK web page:  Information Security Management Principles: An ISEB Certificate

URL of Amazon UK (Kindle) web page: Information Security Management Principles: An ISEB Certificate

URL of Amazon US web page: Information Security Management Principles – An ISEB Certificate

URL of Amazon US (Kindle) web page: Information Security Management Principles – An ISEB Certificate

The Information Systems Examinations Board (ISEB), an examination awarding body and part of BCS, has been issuing an Information Security Management Principles (CISMP) certificate for years. This is the book that accompanies the syllabus issued by the ISEB: the syllabus that this version of the book covers is not the latest (version 7.2 at the time of writing this review), however this does not in any way devalue the book and I would highly recommend any student considering the CISMP examination to purchase a copy. So, what are the changes?

1. The Information Security Controls section has now been split into five separate sections: Technical Security Controls, Software Development Lifecycle, Physical and Environment Security Controls, Disaster Recovery and Business Continuity Management, and Other Technical Aspects (forensics and cryptography). However, all the same information in the syllabus is in the book, just re-organised.
2. A new section on Cloud Computing has been included.

This book is 193 pages long and is structured to conform with the version of the syllabus that was current when it was published. Therefore, chapter one covers section one of the syllabus (i.e. Information Security Management Principles), and each chapter is structured to describe each sub-section of the syllabus. I particularly like that for each subsection of the syllabus the book defines the learning outcomes and provides one or more activities for the student to undertake to assist in the learning process. Each chapter also provides a variety of sample questions in multiple choice form (as well as the answers).

Although the book is targeted at students taking the CISMP examination, I would still recommend this book for any IT professional wishing to understand more about information security.  The language used in the book is very accessible, so I would also recommend it to any senior manager wishing to understand the basics.

If you want an excellent introduction to information security you could do worse than buying a copy of this book.  Highly recommended.

Marks:  5 out of 5

*****
