Average Reviews:
(More customer reviews)Many people mistakenly and naively think that information security is simply about keeping the hackers out. But hackers are only one of myriad risks within information security. In Information Risk and Security: Preventing and Investigating Workplace Computer Crime, author Edward Wilding does a superb job in showing the reader what it takes design and build a comprehensive information security program.
The book starts out with a bang and discusses one of the more considerable threats, the insider threat. The book details how Nick Leeson single-handedly brought Barings Bank to bankruptcy via uncontrolled insider access. The book notes that every business has a potential Leeson, a human time-bomb ticking away, often completely unidentified and waiting to take advantage of potentially dangerous system exposures.
The insider threat is one of the most dangerous threats, and also one that most organizations do nit properly defend themselves against. The book notes that the insider is in a better position to execute their crimes given their direction operation access to systems, and a day-to-day knowledge of how these systems and processes operate.
Security luminary Marcus Ranum notes that people often seem to want to treat computer security like it's rocket science or black magic. In fact, computer security is nothing but attention to detail and good design. In 19 densely packed chapters, the book writes about those very details of the many contemporary security issues facing organizations today.
Rather than relying on the FUD (fear, uncertainty and doubt) factor that often permeates much of information security, each chapter provides numerous real world references studies of computer security incidents from around the world. These stories are particularly valuable in that they can be used to take back to management to show them the need for adequate security funding.
Information Risk and Security: Preventing and Investigating Workplace Computer Crime is a densely packed treasure trove of invaluable information security knowledge. Anyone looking for a comprehensive guide to real-world information security, or looking to round out their security infrastructure is highly recommended to read this valuable reference.
Click Here to see more reviews about: Information Risk And Security: Preventing And Investigating Workplace Computer Crime
Information risk exposes organizations to catastrophic failure, regulatory censure, fraud, IP theft, extortion, systems sabotage...the list goes on. The current fixation with technical controls means that people are often neglected, taken for granted or demeaned and yet, the one common denominator in most incidents is employees themselves. "Information Risk and Security" explains the complex and diverse sources of risk for any organization, and provides clear guidance and strategies to prevent these threats before they happen and to investigate them, if and when they do. Edward Wilding focuses particularly on internal IT risk, workplace crime and the preservation of evidence, because it is these areas that are generally so badly mismanaged.There is advice on: adopting control and security measures that do not hinder business operations, but which effectively block criminal access and misuse; how to secure information - in both electronic and hard copy form; understanding and countering the techniques by which employees are subverted or entrapped into giving access to systems and processes;preventing computer fraud, IP theft and systems sabotage, and investigating and responding to these threats should they occur; responding to attempted extortion and malicious information leaks; dealing with catastrophic risk; best-practice for monitoring and securing office and wireless networks; securing evidence where computer misuse occurs and presenting this evidence in court; conducting covert operations and forensic investigations; and much more. Tackling information risk and security is, as with all other aspects of organizational effectiveness, a matter of good management. This is an essential guide for risk and security managers, computer auditors, investigators, IT managers, line managers and non-technical experts; all those who need to understand the threat to workplace computers and information systems.The author's style mixes numerous case studies with practical, down-to-earth and easily implemented advice to help everyone with responsibility for this threat to manage it effectively.
0 comments:
Post a Comment