Keywords
Citation
Eden, B. (2002), "Security Transformation: Digital Defense Strategies to Protect Your Company's Reputation and Market Share", The Bottom Line, Vol. 15 No. 1. https://doi.org/10.1108/bl.2002.17015aae.002
Publisher
:Emerald Group Publishing Limited
Copyright © 2002, MCB UP Limited
Security Transformation: Digital Defense Strategies to Protect Your Company's Reputation and Market Share
Security Transformation: Digital Defense Strategies to Protect Your Company's Reputation and Market Share
McCarthy, M.P. and Campbell, S. with Brownstein, R.2001McGraw-HillNew YorkKeywords: Data security, Hacking, Computer security
This book examines enterprise and computer security in today's marketplace. It details the kinds of methods and tools available for assessing security vulnerabilities, and methods used for looking beyond your current security environment to one that will serve your present and future needs in the most scaleable and least disruptive way. A combination of statistics, case studies, interviews and recommendations, the authors show the reader how to determine your company's biggest vulnerabilities, detail the methods for treating those vulnerabilities, and provide the tools to help lift your information security program from a supporting role into one that advances your business goals and objectives. Computer network security is no longer a little-noticed, back-office responsibility – it is among the most critical issues facing businesses today. This book covers everything from the psychological aspects of system security to the actual nuts and bolts of instituting a structured enterprise security architecture.
What is nice about this book is that the writing style is highly accessible, non-technical, and jargon-free, despite the subject area. The authors go out of their way to present the material as simply as possible; therefore, this book is primarily geared as an introductory guide to the topic for both amateurs and specialists alike. Recent examples of real-life computer network security breaches and hackings are provided, along with steps towards planning an enterprise security architecture and initiating both detection and response components to your security system.
What is particularly useful about the book is the practical advice that the authors provide, much of which is non-technical. For instance, an interesting statement is that they would choose a well-briefed and well-trained staff, using barely adequate technologies, over a staff equipped with the latest and most up-to-date technologies, but lacking comprehensive policies and training. If there is one important point to be taken from this book, it is that the planning and understanding of security policies and procedures by everyone in your company is of primary importance to the successful implementation and monitoring of computer and company security. As the book progresses into ways of planning and integrating an enterprise security architecture into your company, the language becomes more technical but not inaccessible; in fact, suggestions are made regarding products to purchase, current technology being developed, and company policies and procedures to emulate or consult. More acronyms begin to appear as well, but each is explained and defined in simple, jargon-free language.
Two appendices, "New strategies for success in e-business" and "E-commerce and cyber crime", are excerpts from white papers produced within the authors' company. There is also a short glossary and index. This book would be especially useful as a textbook in introductory computer security classes. It fits well into the current body of knowledge on this subject; in fact, the authors have set up the information in the book to become outdated rather quickly due to their discussion in chapter 10 of current privacy and security bills in front of the 107th United States Congress, along with the recent terrorist attacks in the USA with the resulting sweeping changes in security procedures. The book is well-written and highly practical in its presentation and suggestions, and I highly recommend it as reading for anyone involved in their company's computer network security.
Brad EdenHead of Bibliographic and Metadata Services, University of Nevada, Las Vegas, Nevada, USA