Rating: ![5 stars](http://www.reviewfocus.com/images/stars-5-0.gif)

Summary: High-level with strategic, proactive goals

Review: Because this book is ostensibly aimed at managers and executives, do not expect technical details or a discussion at the tactical, day-to-day level. Instead, this book will give busy managers who are removed from hands-on security tasks and details of the underlying technologies the knowledge they need to be conversant with those aspects, and a framework for developing a proactive security posture. In fact, this book's strengths are the strategic perspective and proactive approach that are imparted. This is important because in many organizations the security professionals in the trenches tend to take a tactical approach and are forced into reacting to constantly emerging threats, software vulnerabilities, and other challenges that do not allow them the luxury of protecting the business *and* developing strategies and shifting to the proactive.

The author clearly puts e-business system (and general) security into context from business and technical perspectives in Chapter 1. In Chapter 2 he exposes topics that may be far removed from executive and senior management, such as infrastructure and related support issues. Also in this chapter, security is introduced into the discussion of infrastructure and systems, setting the stage for subsequent chapters. Chapters 3 and beyond are focused entirely on security. Each element of e-business security is treated as an individual topic, which provides the necessary background for the next topic. In succession, major and common threats are discussed, along with recommended countermeasures. By Chapter 4 the details for effective security management unfold, with well-written material on why e-business systems are corporate assets, and a sound framework for managing these systems in a manner that takes into account business imperatives and cost/benefit. Subsequent chapters also cover topics such as responsibility and liability - in short, topics that concern managers.

At nearly 300 pages this book may be too detailed for executives, but is short enough to hold the attention of senior and mid-level managers who are responsible for e-business systems. The approach and focus are business first, with only enough information about the underlying technology to provide sufficient understanding to non-technical readers. The approach set forth in the book for managing security is both realistic and viable. What is required to make it actionable is executive sponsorship and management commitment to perform.