Information Risk And Security: Preventing And Investigating Workplace Computer Crime [Hardcover]

Edward Wilding (Author)

Book Description

Publication Date: May 31, 2006 | ISBN-10: 0566086859 | ISBN-13: 978-0566086854

Information risk exposes organizations to catastrophic failure, regulatory censure, fraud, IP theft, extortion, systems sabotage...the list goes on. The current fixation with technical controls means that people are often neglected, taken for granted or demeaned and yet, the one common denominator in most incidents is employees themselves. "Information Risk and Security" explains the complex and diverse sources of risk for any organization, and provides clear guidance and strategies to prevent these threats before they happen and to investigate them, if and when they do. Edward Wilding focuses particularly on internal IT risk, workplace crime and the preservation of evidence, because it is these areas that are generally so badly mismanaged. There is advice on: adopting control and security measures that do not hinder business operations, but which effectively block criminal access and misuse; how to secure information - in both electronic and hard copy form; understanding and countering the techniques by which employees are subverted or entrapped into giving access to systems and processes;preventing computer fraud, IP theft and systems sabotage, and investigating and responding to these threats should they occur; responding to attempted extortion and malicious information leaks; dealing with catastrophic risk; best-practice for monitoring and securing office and wireless networks; securing evidence where computer misuse occurs and presenting this evidence in court; conducting covert operations and forensic investigations; and much more. Tackling information risk and security is, as with all other aspects of organizational effectiveness, a matter of good management. This is an essential guide for risk and security managers, computer auditors, investigators, IT managers, line managers and non-technical experts; all those who need to understand the threat to workplace computers and information systems. The author's style mixes numerous case studies with practical, down-to-earth and easily implemented advice to help everyone with responsibility for this threat to manage it effectively.

Editorial Reviews

About the Author

Edward Wilding has investigated several hundred cases of computer fraud and misuse in many jurisdictions. His previous book, Computer Evidence: A Forensic Investigations Handbook (Sweet and Maxwell 1996) was one of the first to discuss computer forensic investigations. The author has lectured widely, trained incident response teams, and conducted security and risk reviews for a diversity of clients. He has also served as an expert witness in civil and criminal cases, tribunals and official hearings, including the Hutton Inquiry. In 2002, he co-founded Data Genetics International (DGI), specializing in computer crime investigation, incident response and forensic evidence.

Product Details

• Hardcover: 350 pages
• Publisher: Gower Pub Co (May 31, 2006)
• Language: English
• ISBN-10: 0566086859
• ISBN-13: 978-0566086854
• Product Dimensions: 9.6 x 6.9 x 1.3 inches
• Shipping Weight: 1.7 pounds
• Average Customer Review: 5.0 out of 5 stars  See all reviews (1 customer review)
• Amazon Best Sellers Rank: #4,089,916 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

2 of 2 people found the following review helpful:

5.0 out of 5 stars Shows what it takes design and build a comprehensive information security program, July 2, 2009

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: Information Risk And Security: Preventing And Investigating Workplace Computer Crime (Hardcover)

Many people mistakenly and naively think that information security is simply about keeping the hackers out. But hackers are only one of myriad risks within information security. In Information Risk and Security: Preventing and Investigating Workplace Computer Crime, author Edward Wilding does a superb job in showing the reader what it takes design and build a comprehensive information security program.

The book starts out with a bang and discusses one of the more considerable threats, the insider threat. The book details how Nick Leeson single-handedly brought Barings Bank to bankruptcy via uncontrolled insider access. The book notes that every business has a potential Leeson, a human time-bomb ticking away, often completely unidentified and waiting to take advantage of potentially dangerous system exposures.

The insider threat is one of the most dangerous threats, and also one that most organizations do nit properly defend themselves against. The book notes that the insider is in a better position to execute their crimes given their direction operation access to systems, and a day-to-day knowledge of how these systems and processes operate.

Security luminary Marcus Ranum notes that people often seem to want to treat computer security like it's rocket science or black magic. In fact, computer security is nothing but attention to detail and good design. In 19 densely packed chapters, the book writes about those very details of the many contemporary security issues facing organizations today.

Rather than relying on the FUD (fear, uncertainty and doubt) factor that often permeates much of information security, each chapter provides numerous real world references studies of computer security incidents from around the world. These stories are particularly valuable in that they can be used to take back to management to show them the need for adequate security funding.

Information Risk and Security: Preventing and Investigating Workplace Computer Crime is a densely packed treasure trove of invaluable information security knowledge. Anyone looking for a comprehensive guide to real-world information security, or looking to round out their security infrastructure is highly recommended to read this valuable reference.