REVIEW: "Managing Knowledge Security", Kevin C. Desouza
BKMAKNSE.RVW 20070927
"Managing Knowledge Security", Kevin C. Desouza, 2007, 0-7494-4961-6,
%A Kevin C. Desouza secureknow.blogspot.com kev.desouza@...
%C 120 Pentonville Rd, London, UK, N1 9JN
%G 0-7494-4961-6 978-0-7494-4961-2
%I Kogan Page Ltd.
%O U$65.00/UK#32.50 +44-020-7278-0433 kpinfo@...
%O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 200 p.
%T "Managing Knowledge Security"

Desouza is of the "competitive intelligence" community, so the
"knowledge" of the title refers to special skills, processes, or other
information that gives your business a particular advantage, and which
is either unknown or in limited circulation elsewhere.

Chapter one provides some examples of thefts of intellectual property.
The author also exhorts companies to classify and assign a value to
their informational assets (with which advice I can only heartily
concur). He goes on to describe the activities involved in spying on
corporations, and notes the limitations of traditional security guards
in this regard. Chapter two explains how employees can be the
greatest threat to the loss of institutional knowledge--and can also
be the biggest asset in protecting it. Considerations with regard to
personal computing devices (such as laptops and advanced cell phones)
for travelling executives are discussed in chapter three. As well,
there are suggestions on how to avoid being kidnapped, and some
recommendations with respect to recycling paper and obsolete computer
equipment. Chapter four looks at a range of the possible alliances
between companies, and the ways that various problems related to
intellectual property might occur as a result of those associations.
Chapter five contains recommendations of diverse measures to limit
physical access to corporate offices. Business continuity is
addressed, in chapter six, from the perspective of loss of knowledge
resources. (Oddly, there is little discussion of the higher levels of
risk from social engineering inherent in such situations.) Basic
information security practices, threats, and technologies are outlined
in chapter seven.

The book presents an interesting viewpoint in regard to security, but
does not seem to break any new ground. In terms of information
security or classification, this work does not go beyond any standard
security text such as the original edition of "Computer Security
Basics" (cf. BKCMPSEC.RVW) or (ISC)2's "Official Guide" (cf.
BKOITCE.RVW). With regard to social engineering, which one might
consider a specialty of those in the "business intelligence" field,
any of Ira Winkler's volumes, such as "Corporate Espionage" (cf.
BKCRPESP.RVW) or "Spies Among Us" (cf. BKSPAMUS.RVW), has more detail
and extensive suggestions. Desouza's work, clear and engaging as it
is, is possibly an interesting additional outlook, but hardly a
necessary addition or replacement.

copyright Robert M. Slade, 2007 BKMAKNSE.RVW 20070927