Book Reviews: Information Security Books and Product Reviews – Securing the Clicks

Book Title: Securing the Clicks

Subtitle: Network Security in an Age of Social Media

Author(s): Gary Bahadur, Jason Inasi and Alex de Carvalho

Publisher: McGraw Hill

Date of Publishing: 1st Dec 2011

ISBN(13): 9780071769051

Price (UK & US price – full price, not discounted price): £29.99, $40.00

URL of Amazon UK web page: Securing the Clicks Network Security in the Age of Social Media

URL of Amazon UK (Kindle) web page: Securing the Clicks Network Security in the Age of Social Media

URL of Amazon US web page: Securing the Clicks Network Security in the Age of Social Media

URL of Amazon US (Kindle) web page: Securing the Clicks Network Security in the Age of Social Media

My role as an information security professional largely involves facilitating communication between users and technical people and between different departments within organizations regarding information security. For this reason I was able to appreciate the nature of the big task that the authors of this book set themselves. Their target audience includes Directors of Information Technology, Human Resources, Marketing, Sales and other executives, as well as the owners of medium and small sized businesses, and that covers a great range of perspectives and experience. These differences mean that there is a requirement for ensuring a common baseline understanding of the target audience profile, which is harder to establish where, as in this case, there are a number of authors. I can see that the use of the case study, especially in the latter part of the book, works well in drawing the ideas together for all levels. However, I think a glossary and clear definition of the core concepts, such as ‘Social media’, was essential. At one point e-mail appears to be included, with regard to the risk of people moving data out of the network, and also Instant Messaging; neither of which would appear in a normal definition of social media.

I think that many of the issues raised are important, and discussed in a useful amount of detail, especially for a non-IT security manager. The threat assessment and ‘What can go wrong’ chapters are useful, if a little sensationalist at times. For example, I am not sure that someone examining a Facebook profile is quite as likely to be able to gather enough information to get access to all the user’s other password-protected sites as they suggest. However, it is a risk, which is why the importance of secure passwords should be emphasized during the induction of staff in any company.

The key issue that concerned me, however, is that this book has a feel of one assembled with each specialist inputting a chapter in their area of expertise, rather than having a unified overall vision. While this means that all areas potentially come from a high level of expertise and experience, there is a requirement for strong leadership throughout the creating process to keep a strong structure and consistent voice (this is an editorial issue for the publisher rather than necessarily for the authors). It is here where I feel the authors have been let down. There are inconsistencies of presentation and approach that make it harder to read than I expected. Some chapters have a clear outline at the beginning, some include it after an introduction or case study, and others don’t use one at all. Also, there doesn’t seem to be a basic understanding of the background of the reader. When you consider the target audience, the statement, “We are all familiar with spyware, and most of us have probably installed spyware scanners and antivirus products,” is, I’d say, a little optimistic. I am sure there are those outside IT for whom this statement is true; however, it can hardly be a sensible assumption that this is the normal experience of an HR or sales executive. The use of the evolving case study is helpful, especially as the company improves its score on their H.U.M.O.R matrix in the second half of the book. However, in the middle of the book, the way progress is tracked is less consistent and is sometimes just a highlighted paragraph. While there probably wasn’t enough progress on the scale to warrant a new matrix, feedback in a way that reflected the tabular nature of the main analysis would have been helpful.

The emerging problem with social media was clearly in the minds of some of the writers. Until recently, larger businesses were still controlling social media usage with technical controls on corporate machines; but the use of smart phones and tablet devices, at the executive level, often owned by the individual, has made this control harder to implement. Their suggestion that the relevant ‘apps’ be installed on all devices by the IT department and set to update automatically, shows a useful and straightforward approach, but more indications of their awareness of the changes in device usage would have been welcome. Current changes will mean that this book will need to be revised within a couple of years to allow for the difference in the way people both access and use social media.

I feel this book has great intentions and its use of an analysis tool is a very good core methodology. However, at this point the authors are let down by poor editing that allows for inconsistencies in presentation and style, making it difficult to read as a non-technical person. I hope there is a chance to revise and update this book under a stronger editorial stewardship, and in so doing the publisher will make a book that is more powerful. If the changes were implemented in this way, at that point I would hope to be able to recommend it more strongly. 

Marks: 3 out of 5
***