Reviewer Name: Edd Hardy
Check Team Member, PCI QSA, 27001 Lead Auditor
Cyber Risk for Business Professionals: A Management Guide
IT Governance Publishing
Date of Publishing:
Price (UK&US price – full price, not discounted price):
$62 / £39.95
URL of Publisher Site: IT Governance
URL of Amazon UK web page: Cyber Risks for Business Professionals: A Management Guide
URL of Amazon US web page: Amazon.com
This is a very odd book on several levels; not only does the front cover have cartoon versions of the characters from The Matrix on it (a horrible cliché), but the content doesn't really make sense. It's actually very difficult to work out whom the book is aimed at. It's not aimed at technical users; however, neither is it aimed at legal professionals or management, who more than likely wouldn't read past the first few pages because it doesn't say anything that isn't self-evident.
The book is non-technical (for example, the most technical statement I found is that WPA2 is the strongest Wi-Fi security protocol and should be used), and it's apparent from the language he uses that the author is also non-technical. However, the book does say it's for business and management professionals.
Kendrick skims over many key issues that would be of interest to anyone involved in security. He dedicates only eight short pages to standards and regulations, such as ISO, DPA, RIPA, etc., even though these are huge issues, issues that the CEO or the business consultant really needs to grasp. These are some of the most important topics in information/cyber security, topics for which, as CEO, they are ultimately responsible. This is very odd considering that the author was a solicitor; you'd think that's the aspect of the book that would have the most focus. Although you can tell he has a legal background, as legal cases are referenced throughout the book, even this aspect is not covered in any great detail. This is a shame, as it's a missed opportunity to say something really interesting.
Another disappointing section is the one on cybersquatting. The example given is Harrods v Network Services, when Harrods went to court to obtain the 'Harrods' domain name. This is mentioned in one paragraph, which just tells us that a legal case occurred; it doesn't mention that this is still a huge problem today, that it was a really exciting case, or that it was a groundbreaking case at a time when previous attempts to recover domain names had mostly been ignored.
Interestingly, the text only suggests that advice should be taken to ensure you are not infringing on someone else's trademark when registering a domain. It doesn't give the most basic advice, such as: go out and register every domain that could possibly be associated with you to protect yourself from spoofs, and make sure your domains are registered to the company, not to individual staff who buy them for you.
The back cover explains that some of the content was obtained through interviewing individuals at large consultancies. This again is very odd, as it makes the book appear more like a research project or degree dissertation.
To sum up, I am not sure who this book is aimed at, but it's not going to be of any use to anyone who works in security, technology or risk. I also don't think it will work for non-technical managers, as it is trying to isolate one area of risk (the Internet) from all the other areas of risk in the organization. A manager won't want to read a different book for each area of risk; they want a book that covers all of risk management, especially at this price.
Marks: 2 out of 5 **