The Executive Guide to Information Security : Threats, Challenges, and Solutions
List Price: $34.99
Your Price: $34.99

Reviews
Summary: Should be the basis of an executive study group
Review: An effective security policy can only be the result of a systemic operation, which means that it must be supported at the executive level. To be supported, it must first be understood, therefore all executives must have a broad knowledge of the need for security and some of the particulars as to how it is implemented. This book provides that information.
While it is necessary to use some technical jargon in order to explain the basics of computer security, it is kept to a minimum. The three components of an effective security program: people, process and technology are each explained in a separate chapter. There are several questionnaire/checklist style worksheets, where you can fill them in and get some idea regarding the current status of your company. These are excellent ways to get a snapshot of how vulnerable your company is. One simple addition that many executives will find valuable is a collection of example job descriptions for security personnel. These positions are difficult to describe and fill, so even the smallest bit of assistance is of great value.
There are very few books that should be the subject of a study group of the executives of a company. This is one of them; each executive should be given a copy, and then forced to read and study it as a group. It is one of the few ways to guarantee that security is given the consideration that all executives need to apply. In these dangerous times, failure to do so can literally be a matter of life and death for some companies.
Summary: Great resource, but boring at times
Review: A fun book on security for executives and managers? Unbelievable, you'd say? This one ("The Executive Guide to Information Security") comes pretty close.
On the down side, do not look at this book for technology coverage. Almost total lack of coverage of intrusion prevention, spyware, spam as well as some Symantec bias (understandable, considering the publisher) make this book much stronger on the policy, process and "big picture" coverage rather than on modern technical threats and countermeasures. Slightly confusing coverage of vulnerability management also falls in the same category. However, given the target audience of CEOs and CFOs, this is certainly excusable.
The book introduces the executives to basic security concepts such as "defense-in-depth", "people, process, technology", etc., and goes into details on using them for organizing security for their organizations.
I also appreciated the sections on planning and executing a security strategy and measuring security by using various included checklists and questionnaires. The 50-point security evaluation framework based on "best practices" was another valuable piece. The book also addresses one of the important questions of organizational security: in-house vs outsourced security.
Regulations and laws also occupy a significant part of the book. The coverage is high-level and provides few details, appropriate given the target audience. A section on future security was pretty insightful and enjoyable to read!
Overall, I think the book will be one of the first (and, so far, best) books about security for the "C-level" crowd.
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org
Summary: Security policies and procedures
Review: Definitely not the book to take to the beach with you, but a good book all the same. The author lays out in a comprehensive way an organization wide process to develop a secure information structure. The insights range from high level strategies, to lower level tactics, with a few very practical examples thrown in here and there.
Information security should be a critical concern of today's high-tech organizations. But so often it is forgotten, or relegated into obscurity because there was too much process or the security was too intrusive. The author strikes a good, pragmatic balance between convenience and security here.
The book is a short, easy read. Really a must read for CIOs and a should read for CEOs.
Summary: Excellent Reference for Executive Management
Review: Mark Egan and Tim Mather have done a great job in my opinion of boiling the wide range of topics and information related to corporate network security down to an "executive summary" highlighting the key areas that executive leadership needs to understand in order to make decisions and lead effectively.
This book provides an overview of the history and current state of information security and an appropriate amount of detail for an executive to understand trends in technologies and threats and how to assess risks, hire competent I.T. staff and a general overview of best practices and practical solutions.
The appendices provide a wealth of additional information such as template job descriptions for specific I.T. roles and a listing of information security web sites for reference.
This book covers a little about a lot, and even that lot is aimed at managers and executive leadership. Don't get this book if you are looking for details about any aspect of computer security or even if you are looking for a comprehensive, broad coverage of information security for the "working class". For executive leaders looking to gain an understanding of I.T. to ensure that their networks are properly protected, though, this is an excellent resource.
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).
Summary: Great material for directors/managers and above...
Review: No company these days can afford to ignore the topic of information security, be it computers or just customer information. The book The Executive Guide To Information Security: Threats, Challenges, and Solutions by Mark Egan with Tim Mather (Addison-Wesley) does a good job at getting CxO-level staff to consider the issues.
Chapter list: The Information Security Challenge; Information Security Overview; Developing Your Information Security Program; People; Processes; Technology; Information Security Roadmap; View Into The Future; Summary; Security Framework Evaluation; Information Security Web Sites; Operational Security Standards; Sample Security Job Descriptions; Glossary; Index
Because the book is targeted at the executive level, you won't find a lot of technical nuts and bolts showing up. People at that level don't deal with security at that level. What *is* present are in-depth discussions of security topics such as email, spam, the internet, people, and internal processes. All the information presented tends to tie back into lists or charts that allow the reader to formulate a program for addressing security in that particular area. There are also a number of evaluations to establish baseline measurements of where you are in a specific area, such as the proficiency of your Information Security staff or security processes. Using a book like this, a director level person could start to formulate a solid security infrastructure for the company that will produce targeted results.
One of the things I also like about this book is its practicality. Because everything ties back into "what do you need to do", there isn't much filler material hanging around. They are also pragmatic. Rather than declare that the sky is falling unless you obtain a perfect score, they understand that every organization is in a different spot. You just evaluate where you are right now, note the deficiencies, determine where you need to be, and then make plans to get there.
Definitely good reading for all managers and above at any organization. By reading the book now and taking steps today, you can avoid major trouble down the road...
Summary: More Phishing Analysis
Review: The authors write a timely management level briefing on the current key issues in information security. Directed at not just the CEO of any company, as the cover might suggest. The audience of this book arguably includes not just executives involved in IT, but also the technical IT personnel themselves who may, or rather, will, confront such issues on a daily basis.
Perhaps the most important section is Chapter 8, discussing future threats. It starts with an example of a phishing attack on a company. The chapter then goes on to describe possible trends in attacks over the next few years. Sadly, once past the phishing example, the chapter does not talk any more about phishing. Given the realities of book publishing, the chapter was probably written in the first half of 2004. Yet as 2004 draws to a close, it has seen a huge global rise in phishing. So the chapter is already somewhat dated, through no fault of the authors.
Were the chapter to be rewritten now (December 2004), I imagine phishing would, or should, receive far more detailed scrutiny. While it might be objected that phishing is only one type of attack, its current direct monetary costs to banks and the month on month rise in the frequency of attacks make it a prime menace.