REVIEW: "The Executive Guide to Information Security", Mark Egan/Tim Mather
- BKEGINSC.RVW 20070112
"The Executive Guide to Information Security", Mark Egan/Tim Mather,
2005, 0-321-30451-9, U$34.99/C$49.99
%A Mark Egan
%A Tim Mather
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$34.99/C$49.99 416-447-5101 fax: 416-443-0948 bkexpress@...
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 268 p.
%T "The Executive Guide to Information Security"

The preface states that the book is intended as a crash course on
information security for those at the executive management level who
are not familiar with the security or technical field. The work is
intended to present practical recommendations that can be implemented
quickly, and to explain key principles in non-technical language.

Chapter one notes that security is becoming an increasing concern to
the corporation, and that new technologies, such as the Internet and
wireless networking, are making this already difficult task ever more
complicated. Some random aspects of security, mostly different types
of security tools, are listed in chapter two. The recommendation
about developing a security program, in chapter three, is limited to
generic project management. Some general advice on staffing is given
in chapter four. Chapter five outlines a few processes necessary to a
security assessment and program. More technologies and utilities are
catalogued in chapter six, more processes in seven. Chapter eight
looks to the increasing complexity of information systems, new and
harsher attacks, and the expanding problems in securing systems. Some
important, but not comprehensive, points about an information security
program are listed in chapter nine.

The book includes a "security framework," in the checklist style
favoured by so many authors of frameworks, but it has more gaps and is
limited in comparison to the other available structures (such as Fred
Cohen's "Security Governance," cf. BKSECGOV.RVW).

This is much like a collection of reasonable magazine articles, and
would be good for raising awareness and limited familiarity with the
importance of security, and some of the major issues. It is, however,
hardly the basis for a complete understanding of the security realm,
even at the executive level. It certainly would not serve as the
foundation for a security program.

copyright Robert M. Slade, 2007 BKEGINSC.RVW 20070112