Assessing Information Security

by Mark Rowe

Author: Dr Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski

ISBN No: 9781 8492 85995

Review date: 28/04/2024

No of pages: 432

Publisher: IT Governance

Publisher URL:
http://www.itgovernance.co.uk/

Year of publication: 17/02/2015

Brief:

Assessing Information Security - Strategies, Tactics, Logic and Framework, second edition

Price: £39.95

If you turn to Once more unto the Breach – Managing information security in an uncertain world, you do so as much as anything for reassurance; you are not the only infosec manager battling against indifferent or hostile staff, above and below in the office hierarchy. As the title of Assessing Information Security – Strategies, Tactics, Logic and Framework suggests, this book sets out ways of doing info-security. Get the philosophy right, they argue, and you can handle any changes in technology. Like Simmons in Once more unto the Breach, the three authors of Assessing Information Security are alive to the fact that infosec is about more than technical security – it has to take in, for example, personnel background screening. For what is the good of having a well-trained, certificated member of staff, if he is a convicted thief?! And on that point, the authors are set against cooperating with a cyber-criminal.

The authors liken infosec to war, or at least conflict, peppering their arguments with quotations from such military thinkers as von Clausewitz, from start to finish. They argue against viewing security as ‘a mere part of business continuity’, or accepting that hacking and data leaks will happen, and loss of control of data in the Cloud cannot be helped. Nearly every successful attack, they point out – note the warlike language – ‘involves some mistake on the defender’s side’. Indeed, the battle is not against malware, but against the fraudsters, spies, political activists and disgruntled employees using technology. Their book sets out at length auditing, policies and compliance, assessments of risks and reviews. While that might sound airy-fairy, be assured that it and the authors are not. Indeed, quite the opposite: by doing proper assessing, you take into account that staff are temps, or outsourced, or going through a merger, or doing plain old theft of goods.

Assessing Information Security – Strategies, Tactics, Logic and Framework, second edition, by Dr Andrew Vladimirov, Konstantin Gavrilenko and Andriej Michajlowski. Paperback, £39.95. Published 2015 by IT Governance Publishing, 432 pages, ISBN 9781 8492 85995. Visit www.itgovernance.co.uk.


© 2024 Professional Security Magazine. All rights reserved.
