Principles and Practice of Information Security [Paperback]

Linda Volonino (Author), Stephen R. Robinson (Author)

Book Description

ISBN-10: 0131840274 | ISBN-13: 978-0131840270 | Publication Date: September 12, 2003 | Edition: 1

This book provides professionals with the necessary managerial, technical, and legal background to support investment decisions in security technology. It discusses security from the perspective of hackers (i.e., technology issues and defenses) and lawyers (i.e., legal issues and defenses). This cross-disciplinary book is designed to help users quickly become current on what has become a fundamental business issue. This book covers the entire range of best security practices—obtaining senior management commitment, defining information security goals and policies, transforming those goals into a strategy for monitoring intrusions and compliance, and understanding legal implications. Topics also include computer crime, electronic evidence, cyber terrorism, and computer forensics. For professionals in information systems, financial accounting, human resources, health care, legal policy, and law. Because neither technical nor legal expertise is necessary to understand the concepts and issues presented, this book can be required reading for everyone as part of an enterprise-wide computer security awareness program.

Editorial Reviews

From the Back Cover

This book provides professionals with the necessary managerial, technical, and legal background to support investment decisions in security technology. It discusses security from the perspective of hackers (i.e., technology issues and defenses) and lawyers (i.e., legal issues and defenses). This cross-disciplinary book is designed to help users quickly become current on what has become a fundamental business issue. This book covers the entire range of best security practices—obtaining senior management commitment, defining information security goals and policies, transforming those goals into a strategy for monitoring intrusions and compliance, and understanding legal implications. Topics also include computer crime, electronic evidence, cyber terrorism, and computer forensics. For professionals in information systems, financial accounting, human resources, health care, legal policy, and law. Because neither technical nor legal expertise is necessary to understand the concepts and issues presented, this book can be required reading for everyone as part of an enterprise-wide computer security awareness program.

Product Details

• Paperback: 256 pages
• Publisher: Prentice Hall; 1 edition (September 12, 2003)
• Language: English
• ISBN-10: 0131840274
• ISBN-13: 978-0131840270
• Product Dimensions: 9.1 x 7.3 x 0.7 inches
• Shipping Weight: 12.8 ounces (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #421,493 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

5.0 out of 5 stars Must have reading for the corporate "C" Level, October 19, 2007

By 

Trumpet pitched in A "Trumpet pitched in A" (Atlanta, GA USA) - See all my reviews

This review is from: Principles and Practice of Information Security (Paperback)

This book is a must read for the corporate "C" Level. It covers risk abatement, strategies, and tactics to maintain the security of your corporate information as well as your customers and employees information. As a few companies have recently sustained damages in the hundreds of millions from attacks on their security - this book may have prompted them to close a few "loop holes" that allowed the breeches.

Regards

Scott L
www.vision3llc.com

5.0 out of 5 stars Concise, clear, balanced, & useful coverage of IT security, March 14, 2004

By 

John Ashmead (Philadelphia) - See all my reviews

This review is from: Principles and Practice of Information Security (Paperback)

This book is short (good!) and full of information. The coverage seems very complete. The authors are careful not to get too involved in the details of the technology (also good, since said details will be obsolete in a year).

Instead they explain what security issues are significant, what the associated risks are, and what kind of cost effective responses are available. The emphasis throughout is on cost-effective responses: perfection is unaffordable, but not having a security policy is unacceptable. Volonino and Robinson focus on striking a middle ground.

I also liked their top down approach to IT security: 1) get high level commitment 2) lay out appropriate policies (& make sure everyone has signed off) 3) develop corresponding procedures 4) then, decide what mix of hardware, software, & network tools best implement those procedures. This starts with the people (most security problems can be traced back to human err) and avoids "vendor-driven security", which is seldom optimal for a specific situation. My favorite factoid from the book is that the quality of the security at a company is directly proportional to the rank of the chief security officer, i.e. to how seriously the company takes security.

All in all, "Principles and Practice of Information Security" is a very good place to start if you want to get a handle on IT security. And I think it will also function well as a way to review how balanced and thorough your existing security plans are.

1 of 2 people found the following review helpful:

5.0 out of 5 stars Information Security in a Nutshell, March 31, 2004

By A Customer

This review is from: Principles and Practice of Information Security (Paperback)

This was a wonderfully concise, readable and intelligent book on the characterization and management of all the issues surrounding information security. Rather than focusing on the bits and bytes, this book identifies, explains and suggests how to go about managing issues related to Information Security.

There is a particularly good and unique discussion of the legal implications surrounding information security management/mis-management. This is an area that is increasingly important for everyone who touches a system with any kind of business information. Sometimes we don't always appreciate all of the implications associated with access to business information. Included are invaluable citations of related case law, statutes and legal precedents. After reading this book, I can't imagine not having read it! I will continue to encourage my management, colleagues and reports to read it for a compulsory grounding in the implications of the information that they are handling.

I found this book to be an invaluable companion volume for preparation for the CISSP. After reading this book, I developed a clear information security intuition that made many of the CISSP study questions easier to answer.

Paul Mundell
Symantec Corporation