4 of 5 people found the following review helpful
An Excellent Book for the Security Professional
on January 2, 2010
I have known Tom Norman for many years, and I do not know anyone that can match him for the depth of knowledge and experience he has in the security profession. He has a gift for understanding and communicating the essence of something: he can tell you not only what is important, but why it is important, and how it relates to other components within an overall security system. I consider his books to be essential toolbox works, destined to be dog-eared, annotated, and bristling with Post-It Notes. They don't belong on the bookshelf, but in the field or on the desk, where you can reach them easily.
This book does not disappoint. It is rich in detail, filled with how-to information that will guide the reader through the risk analysis process from the beginning to the end. The section on selection of methodologies provides the reader with information on what is available and their strengths and weaknesses. The author contributes one that he developed from studying al Qaeda, called the KSM-Asset Target Value for Terrorism Matrix. Named for Khalid Sheikh Mohammed, it provides a methodology for asset target valuation that closely mirrors the apparent priorities of the foremost terrorist network in the world today, giving security professionals insight into the relative value their assets may have to a terrorist adversary.
The premise of this book is that security is a seamless process that connects threat to analysis to behavior to countermeasures to metrics and finally reporting. The author covers each topic in great detail, explaining concepts, discussing competing theories, ultimately assisting the reader in making the decision of what will work for his or her organization. The author guides, but does not preach.
This book contains excellent material on security management as well. It describes the role of security policies and how they fit the security management framework. This book takes the correct but often overlooked view that security policies are a part of the chain connecting risk analysis with the selection and implementation of appropriate countermeasures.
The discussion on countermeasures is detailed and comprehensive as well. Mr. Norman has a tremendous background in security technology, and that really shines through in this part. He explains how all the countermeasures work, how they fit into a security plan, and how to measure their performance.
There is material in this book for all levels of security professional - the beginner all the way through to the experienced practitioner. It would also make an excellent textbook for any course on security management, risk analysis, security policy development, or countermeasure planning.