BKMAKNSE.RVW 20070927

"Managing Knowledge Security", Kevin C. Desouza, 2007, 0-7494-4961-6, U$65.00/UK#32.50
%A Kevin C. Desouza secureknow.blogspot.com kev.desouza@gmail.com
%C 120 Pentonville Rd, London, UK, N1 9JN
%D 2007
%G 0-7494-4961-6 978-0-7494-4961-2
%I Kogan Page Ltd.
%O U$65.00/UK#32.50 +44-020-7278-0433 kpinfo@kogan-page.co.uk
%O http://www.amazon.com/exec/obidos/ASIN/0749449616/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0749449616/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0749449616/robsladesin03-20
%O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 200 p.
%T "Managing Knowledge Security"

Desouza is of the "competitive intelligence" community, so the "knowledge" of the title refers to special skills, processes, or other information that gives your business a particular advantage, and which is either unknown or in limited circulation elsewhere.

Chapter one provides some examples of thefts of intellectual property. The author also exhorts companies to classify and assign a value to their informational assets (with which advice I can only heartily concur). He goes on to describe the activities involved in spying on corporations, and notes the limitations of traditional security guards in this regard. Chapter two explains how employees can be the greatest threat to the loss of institutional knowledge--and can also be the biggest asset in protecting it. Considerations with regard to personal computing devices (such as laptops and advanced cell phones) for travelling executives are discussed in chapter three. As well, there are suggestions on how to avoid being kidnapped, and some recommendations with respect to recycling paper and obsolete computer equipment. Chapter four looks at a range of the possible alliances between companies, and the ways that various problems related to intellectual property might occur as a result of those associations. Chapter five contains recommendations of diverse measures to limit physical access to corporate offices. Business continuity is addressed, in chapter six, from the perspective of loss of knowledge resources. (Oddly, there is little discussion of the higher levels of risk from social engineering inherent in such situations.) Basic information security practices, threats, and technologies are outlined in chapter seven.

The book presents an interesting viewpoint in regard to security, but does not seem to break any new ground. In terms of information security or classification, this work does not go beyond any standard security text such as the original edition of "Computer Security Basics" (cf. BKCMPSEC.RVW) or (ISC)2's "Official Guide" (cf. BKOITCE.RVW). With regard to social engineering, which one might consider a specialty of those in the "business intelligence" field, any of Ira Winkler's volumes, such as "Corporate Espionage" (cf. BKCRPESP.RVW) or "Spies Among Us" (cf. BKSPAMUS.RVW), has more detail and extensive suggestions. Desouza's work, clear and engaging as it is, is possibly an interesting additional outlook, but hardly a necessary addition or replacement.

copyright Robert M. Slade, 2007 BKMAKNSE.RVW 20070927