Rating: Summary: Covers all IS Security Critical Success Factors Review: This book is an anthology of carefully selected papers by experts in their respective knowledge areas. The organization of the papers is consistent with the basic principle of security - layered security in depth, and covers management responsibility, basic safeguards, and physical and technical protection, and special issues. What makes this book such a valuable reference is the care with which the editors chose topics. Each topic area is a critical success factor to implementing and managing an effective security posture, and I especially like the inclusion of papers on "Policies, Standards and Procedures" and "Legal Issues in Computer Security" in the section devoted to Management Responsibility. The paper on risk management in this section is also excellent. The section on basic safeguards actually goes beyond the domain of IS security by addressing disaster recovery (this discipline is independent of IS security, but is closely related), and cross functional topics, such as auditing and application controls. These topics are the core of IS security and I was pleased to see them included in the form of exceptionally well written, in-depth papers. Other highlights, in my opinion, are "Security of Computer Data, Records, and Forms" (an often overlooked, but critical element of IS security), and "Outside Services". Both of these papers show the width and depth of the topics covered in this excellent book. If you are an IS security manager this book is an essential desk reference, and it is also useful to anyone managing production support and service delivery functions, or tasked with vendor management. In my opinion this is one of the best IS security references available and I highly recommend it.
Rating: Summary: THE Security Reference To Own Review: This book is the Bible of information security. I stumbled into the 3rd edition (published in 1995) years ago and found it quite helpful, but dated by the time I acquired it. I was simply stunned and enthralled when I discovered a 4th edition had been published. I ordered it immediately, and waited impatiently for it to arrive... (2 day air)... I received it today, and I can't put it down. It has completely exceeded my expectations, which were considerable given I was very much impressed with the 3rd. This book belongs in any security professional's library. If you haven't got it, you are missing the definitive compendium of security information. Once you have mastered this text, other books do an excellent job of drilling further into the details, but few can exceed the sheer scope and thoroughness of this tome. For those worried about acquiring obsolete texts, this edition is completely current and up to date! Very impressive. Highly recommended.
Rating: Summary: The InfoSec Bible... Simply put, a MUST have! Review: This book is the Bible of information security. I stumbled into the 3rd edition (published in 1995) years ago and found it quite helpful, but dated by the time I acquired it. I was simply stunned and enthralled when I discovered a 4th edition had been published. I ordered it immediately, and waited impatiently for it to arrive... (2 day air)... I received it today, and I can't put it down. It has completely exceeded my expectations, which were considerable given I was very much impressed with the 3rd. This book belongs in any security professional's library. If you haven't got it, you are missing the definitive compendium of security information. Once you have mastered this text, other books do an excellent job of drilling further into the details, but few can exceed the sheer scope and thoroughness of this tome. For those worried about acquiring obsolete texts, this edition is completely current and up to date! Very impressive. Highly recommended.
Rating: Summary: A "must have" for InfoSec newbies and professionals. Review: This book makes an excellent addition to anyone in the field of information security. It is very thorough in content, discussing computer security from many angles based on four principles: Integrity, Availability, Control and Auditability. Not for the light reader, but makes a great reference, and an excellent basis for creating a solid security design. I've often heard this book referred to as "big blue". Must have.
Rating: Summary: The Must-Have IT Security Guide Review: This is an amazing book stuffed with details of every facet of Information Technology Security. If you can't find the security guidance you want here, it doesn't exist. The material is neatly organized into eight parts with a detailed index to make it easy to find answers. I found that by turning the pages and looking at the figures, I discovered all kinds of topics I hadn't previously thought about. Full disclosure requires me to announce that I wrote Chapter 47, and collaborated on Chapter 1, but this hasn't skewed my view of all the other chapters as outstanding work by all the other authors.