A little background may explain. The last time I went to a conference on cyber security I felt like an interloper at the Congregation of the Quivering Brethren. For those familiar with Stella Gibbons ‘Cold Comfort Farm’ this needs little explanation.
In an industry criticised for jargon, cyber security ranks at the end of the spectrum. The presentation style that was most warmly received made Amos Starkadder’s sermons seem like a bumbling village parson.
Constant exhortations that we’re all dammed, doomed, sinners left me waiting for someone to deliver the line: ‘there’ll be no butter in Cyberhell’.
A talk on Trojans reminded me of doing the Aeneid for O level Latin.
Anyway, I came away feeling the people I’d met were very clever, hardworking and kept us safe. I also hoped that none of my children would ever marry one.
In the spirit of above, I think I may now be able to repent.
The book is Mark Johnson’s ‘Cybercrime, Security and Digital Intelligence’. Mark’s writing style is to be commended on what is a difficult, complex and evolving topic. He follows the mantra of ‘keep everything as simple as possible but no simpler’, with ease.
It will stay on my shelf as a handy reference. It covers a lot of ground and explains the jargon well.
The book is in two parts, the cybercrime challenge and the cyber security response.
My current interests in social media risks and cloud risks were well served by the book. The chapter on web 2.0 clarified for me some thread where I’d got lost before. There are some issues around big data which I hadn’t picked up on which may prove helpful in due course. The final chapter gives a good primer on ICT trends and potential emerging and new forms of risk and security challenges. It’s given me some new avenues to follow up.
There are some good check lists in tables which can be put before business, non IT, professionals without overwhelming them.
My own feeling is that business often sees security as an IT problem and doesn’t want to engage. At the same time security officers need more engagement from the business and can feel undervalued or not believed.
If you’re in that problem space, Mark has done the domain a great service with this book.
My challenge to security professionals is to read this book. The business led approach and practical steps to security outlined here is much needed across public and private sectors. I feel more confident having read this book is that there is a tone for a dialogue around these topics which will interest and engage business as a more intelligent client for the cyber security challenges we face today, and will face in the future.