InfoSec Reviews – Enterprise Information – Security & Privacy

Book Title: Enterprise Information

Subtitle: Security & Privacy

Authors: C. Warren Axelrod, Jennifer L. Bayuk, Daniel Schutzer (editors)

Publisher: Artech House

Date of Publishing: 2009

ISBN(13): 9781596931909

Price (UK&US price – full price, not discounted price): £66.00   $99.00

URL of Publisher Site: Artech House

URL of Amazon UK web page: Enterprise Information Security and Privacy

URL of Amazon US web page: Amazon.com

Enterprise Information – Security & Privacy is a relatively slim volume (223pp) and aims to take a fresh approach to some fundamental information security issues. The book is split into three sections: Trends, dealing with the history of security & privacy; Risks, dealing with the difficult topic of risk and some alternative approaches to risk assessment; and Experience, dealing with experience in specific sectors. Each chapter is written by different subject matter experts; however, the editorial style and the unified approach of attempting to re-examine some fundamental issues mean that there is a consistent tone throughout. As an experienced information security professional, I found that the better chapters provided a very useful catalyst for further reading and discussion on some fundamental Infosec issues. For example, the rather provocative chapter on replacing risk-based security makes some excellent points on the limitations of risk assessment and on the devaluation of risk assessment by years of poor implementation; similarly, the chapter on the economics of loss is a wonderful mini practitioner's guide to some of the more common pitfalls of quantitative risk assessment. The structure of the book also ensures there is much in there for the beginner. While I found the chapter on ‘Human Factors’ rather basic and a little unfocused, it still covers some useful groundwork, and the chapter on IT operations security is useful for experienced practitioners and newcomers alike, shedding much needed light on an often neglected area. In general, the editors have struck an excellent balance between fundamentals, reasonably comprehensive coverage of the subject matter (there is, for example, excellent coverage of the history of privacy) and a critical eye to received wisdom.

The book is eminently readable by non-technical people, as it assumes no existing technical knowledge, and therefore acts as a useful primer to the general business reader interested in the subject matter, as well as the Information Security professional. Overall, an excellent volume!

An excellent review of often neglected information security fundamentals. It will shore up the knowledge of the experienced practitioner and provide some food for thought, also serving as an excellent reference to slip in the CEO’s bag for some weekend reading…

Marks: 4 out of 5

****
