Book Reviews: Information Security Books and Product Reviews – The Basics of Information Security

Book Title: The Basics of Information Security

Subtitle: Understanding the Fundamentals of InfoSec in theory and practice

Author: Jason Andress

Publisher: Syngress, Elsevier

Date of Publishing: June 2011

ISBN(13): 9781597496537

Price (UK & US price – full price, not discounted price): £18.99, $29.95

URL of Amazon UK web page: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice

URL of Amazon UK (Kindle) web page: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice

URL of Amazon US web page: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice

URL of Amazon US (Kindle) web page: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice

At the outset the author challenges himself not to be “boring, boring, boring,” which he asserts is the usual expectation of books on this subject. That is certainly a grand target and one that he largely achieves. The subject matter ranges from very basic to reasonably detailed, and would be of interest both to generalist managers who have found themselves with security responsibilities and to the more technical person who needs a better understanding of other areas of this vast subject; the book manages both well. There are two reasons for this. Firstly, it is well written with a consistent and clear style. Secondly, it is well designed, with well-paced paragraphs, diagrams where necessary (to enlighten, not distract) and additional ‘pop-out’ boxes with slightly more detail for the interested.

The layout allows the more knowledgeable reader to skip early definitions and move to more detailed examples without losing the flow of the narrative. The book’s structure takes the reader imperceptibly from concepts that most readers will have some familiarity with, such as identification of the person wanting to access a document or service, to more technical explanations of how this can be achieved. From my own point of view, having read many management books in my previous career, I feel that the style of this book would be familiar and comforting to a professional manager, even one new to information security. There are even pages at the back for making notes and doing the exercises at the end of each chapter: this is truly a book you work through.

If I were to make one criticism it would be that I felt a bit abandoned at the end. The last chapter was on application security, not my best subject, and so I finished without the positive feeling I had had in earlier chapters. I feel that, given the target audience, the book would have left the reader with a better memory of it if there had been a short summary and conclusion, perhaps with some examples of real-life events that the reader could understand better at the end of the book than they had at the beginning, giving them a good view of how far they had progressed.

However, this is only important because I feel that people will learn from reading this book. It is not heavy (an ideal commute book, even in its traditional, non-ebook format) and not a strain for early morning and late evening travel.

I recommend this book, especially to those managers who don’t consider themselves ‘geeks’ or ‘techies’ but have been given some responsibility for information security amongst their staff, and especially on their budget. It has a good style that will be comfortable for professional managers, and the language treads, with great skill, the fine line between giving the required technical explanation and not sounding like an engineering book.

I suspect that the author, and his editor, put a great deal of effort into making this a well-crafted book, but it seems more logical and effortless than that – but that is the trick of any good performance, isn’t it?

Marks: 4 out of 5
****