Principles of Information Systems Security

Gurpreet Dhillon

Publisher Wiley
ISBN 978-0-471-45056-6
RRP £60.95
Reviewed by Mehmet Hurer MBCS
Score 7 out of 10

I'm not sure if this book is intended for students or managers, but either way it succeeds in providing a sufficient overview of security concepts and technologies, management responsibilities and the softer social issues associated with information systems security.

The book covers a broad range of security issues, and to a sufficient level of detail to gain an appreciation of the topics. This includes security models, policies, governance, threats, risk management, encryption, network security and standards. This is supported by numerous, and fortunately concise, case studies which help to stimulate the reader and reinforce some of the key concepts.

Since the author is based in the States, be aware that the legal aspects and, to a lesser degree, discussion on computer forensics are very much geared towards the US. So don’t expect a discussion on UK or European information technology legal considerations, such as the Data Protection Act or Computer Misuse Act. However, the ISO17799 standard (internationalised version of BS7799) is covered.

The final quarter of the book is dedicated to ten detailed case studies. I found this very interesting reading and believe it should make even the most complacent manager pay attention and take security and fraud seriously. It also serves to reinforce the point that security is more than just making sure you have technical controls in place; people issues are far more important.

Further information: Wiley