Jeremy Swinfen Green, Paul Dorey
9 out of 10
Information Security has increasingly become an important topic for most IT Professionals. It seems that on almost daily basis, we hear of yet another data breach, or receive warnings about hackers, phishers, or scammers, attempting to gain access to the data assets of organisations, both big and small. However, the authors of this book would argue that the majority of data losses are actually the result of the activities of the businesses’ own staff. It might be thought that this is a cynical view; but it is backed up by considerable research within the industry, and by a wider analysis of security issues within different sectors of commerce.
The authors provide an excellent discourse on the topic, with many examples used to highlight how rogue employees at many companies have been able to bypass processes or foil security procedures. As they illustrate, this often may not be for deliberately malicious reasons; but as the writers’ demonstrate, the end result is just as toxic to the enterprises as a considered attempt to steal property.
The book offers a considerable insight into the reasons behind the potential issues, with descriptions of the psychology, behavioural patterns, motivations and perceptions of those that might be the cause of so many issues. They make suggestions on how and why these come about and point to alternatives to try and alleviate the problems, and especially on how to avoid them in the first place.
The theme also covers a wide range of the various aspects of data security, highlighting problems with hardware, systems, software and processes; and emphasises the particular issues within those areas. At the same time, they also offer some brief ideas on what remedial action might be taken to provide some sensible planning to try and avoid the worst of these problems.
It might be thought that this topic would produce a tedious or overly complex piece of work; however, the book is very well written, and organised in such a way that allows the reader to follow the principle concepts, even if they choose to jump about between the sections rather than read straight through. The text is well arranged and broken up appropriately with anecdotes, examples, diagrams and external comments about the various issues.
Although aimed particularly at the security team members, it is an extremely good book on the topic; and would be of importance to anyone working within IT.
Further information: Bloomsbury Publishing