BKEGINSC.RVW 20070112

"The Executive Guide to Information Security", Mark Egan/Tim Mather, 2005, 0-321-30451-9, U$34.99/C$49.99
%A Mark Egan
%A Tim Mather
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2005
%G 0-321-30451-9
%I Addison-Wesley Publishing Co.
%O U$34.99/C$49.99 416-447-5101 fax: 416-443-0948 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/ASIN/0321304519/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321304519/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321304519/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 268 p.
%T "The Executive Guide to Information Security"

The preface states that the book is intended as a crash course on information security for those at the executive management level who are not familiar with the security or technical field. The work is intended to present practical recommendations that can be implemented quickly, and to explain key principles in non-technical language.

Chapter one notes that security is becoming an increasing concern to the corporation, and that new technologies, such as the Internet and wireless networking, are making this already difficult task ever more complicated. Some random aspects of security, mostly different types of security tools, are listed in chapter two. The recommendation about developing a security program, in chapter three, is limited to generic project management. Some general advice on staffing is given in chapter four. Chapter five outlines a few processes necessary to a security assessment and program. More technologies and utilities are catalogued in chapter six, more processes in seven. Chapter eight looks to the increasing complexity of information systems, new and harsher attacks, and the expanding problems in securing systems. Some important, but not comprehensive, points about an information security program are listed in chapter nine.
The book includes a "security framework," in the checklist style favoured by so many authors of frameworks, but it has more gaps and is limited in comparison to the other available structures (such as Fred Cohen's "Security Governance," cf. BKSECGOV.RVW).

This is much like a collection of reasonable magazine articles, and would be good for raising awareness and limited familiarity with the importance of security, and some of the major issues. It is, however, hardly the basis for a complete understanding of the security realm, even at the executive level. It certainly would not serve as the foundation for a security program.

copyright Robert M. Slade, 2007 BKEGINSC.RVW 20070112