InfoSec Reviews – Managing Information Security Breaches

Book Title: Managing Information Security Breaches

Subtitle: Studies from real life

Author: Michael Krausz

Publisher: IT Governance Publishing

Date of Publishing: November 25th 2010

ISBN: 9781849280945

Price: £29.95

URL of Publisher Site: IT Governance

URL of Amazon UK web page: Managing Information Security Breaches: Studies from real life

URL of Amazon US web page:

Available in paperback and e-book format (though not in hardback), and consisting of 198 pages, this book provides a general overview, drawn from case studies, of how to identify and manage information security breaches.

Every organisation, regardless of size and complexity, needs a strategy for handling actual or potential security breaches. Determining and implementing a coherent strategy requires sufficient information about how to identify a security breach (what constitutes one) and, once it is identified, how best to deal with it. This book tries to answer both questions, but only partially succeeds in providing suitable answers.

Described as a ‘Comprehensive guide to managing an information security incident’, Managing Information Security Breaches provides sufficient detail in the areas of risk identification and potential forms of treatment based on the international information security standard ISO27001, but will disappoint those readers expecting detailed case studies or a comprehensive list of things to do following a breach. The book provides a framework for handling breaches, focusing on their treatment and giving an overview of how to re-establish safety and security once a breach has occurred. Key areas, such as applicable legislation, types and methods of risk methodologies, and policy and procedures, are covered, as are risk profiling and security breach identification. All of the recommendations made in the book are compatible with the ISO27001 standard.

The author discusses and outlines typical security breaches, peppering these with examples drawn from real-life case studies in an effort to bring some realism to the subject. The case studies cover a wide range of breaches, from malicious insiders and accidental or deliberate unauthorised access or data loss to theft of computer equipment and attempted blackmail. These case studies, however, whilst relevant and fitting the profile of common security breaches that have occurred in the past, are light on actual detail. The reader ends up understanding what breach occurred and how, but not necessarily (depending upon their individual level of expertise) how to deal with it.

Whilst not expecting to see the parties involved named (those responsible for, or the victim of, a security breach), I would have expected to be provided with more details of exactly how the breach was handled from start to finish. However, the details provided are, in the main, generalised and at a high level. In addition, I was expecting to find some forensic investigation techniques, but these were lacking. Also, the book doesn’t provide any flowcharts, which again would have proved very useful for those handling a security breach for the first time, or for those with a bit more experience who still need a helping hand to ensure they are covering all the key areas of investigation.

The author is at pains to ensure that, when considering a security breach, all the areas likely to have an impact are considered and factored into a subsequent investigation. However, these are covered in too generalised a fashion, without explicit details (such as a step-by-step guide) for the reader to draw upon.

Managing Information Security Breaches does provide a summary overview at the back of the book for managing an actual (or potential) security breach. Again, however, there is insufficient detail for the security novice who is tackling their first security incident.

Managing Information Security Breaches provides readers with a reference point for identifying an actual or potential security incident, with sufficient information to make an informed decision on how best to proceed. What it does not provide, however, is a detailed, step-by-step guide to what to do, in what order, and when to do it.

Marks: 3 out of 5