Author: Dr Julie Mehan
ISBN No: 9781849285711
Review date: 29/11/2023
No of pages: 386
Publisher: IT Governance
Year of publication: 16/06/2014
CyberWar, CyberTerror, CyberCrime and CyberActivism second edition
This bulky book is about policy rather than technicalities. Its message: educating and making people aware is our best defence, to protect ‘information systems’ against frail and naive people. “Government and industry need standardised and consistent processes that effectively and efficiently acquire, develop, and sustain secure information systems: means to justify confidence in these processes and their products; and practitioners that are motivated, disciplined and proficient in their execution.” Cyber readiness, the US author suggests, is about three things: people, process and technology. Oddly, as she writes, the ‘most plugged-in generation’ that is young and used to IT and mobile computing seems at best inconsistent, at worst uninterested in protecting their own ‘digital lifestyles’, ‘much less looking at cyber-security as a possible career field’.
As she writes, human error and data loss can have little to do with computers; she cites the UK example from 2007 of the loss of computer disks holding the personal data of 25m people; and there was a similar US case. “To put it simply – there is no information systems security without the human factor.” Namely, the will to work securely and not to bypass rules. Much of the book is given over to standards: which to use, and why. She admits to a ‘quagmire’ of choice of standards; and standards alone do not guarantee security. This book is most of use to the international security person, in IT or not, who wants to think about how to do cyber-security across an organisation. As the author to her credit makes plain, it’s not easy, and you cannot expect ‘perfect assurance’.