Amanda Finch, David Sutton
Editor: Andy Taylor
Publisher: The British Computer Society
Paperback: 216 pages
Readers in India:
This book is aligned to the syllabus of the CISMP (Certificate in Information Security Management Principles) exam conducted by the British Computer Society.
It consists of the following four chapters:
1. Information Security Principles: Here the basic principles of Information Security are covered and specific terminology is defined. The relationship between Information Assurance management and the environment in which it operates is also discussed.
2. Information Risk: In this chapter the basic terminology of risk is introduced. This is followed by a discussion of potential threats, vulnerabilities and the processes for understanding and managing the risks associated with Information Systems.
3. Information Security Framework: The basic principles for establishing and managing an Information Security Framework in an organization are covered in this chapter. The role, use and implementation of policy, standards and procedures, Information Assurance governance and security incident management within this framework are then discussed.
4. Information Security Controls: Here the controls implemented to protect against security incidents are discussed in detail, along with the processes for detecting, preventing and mitigating such incidents.
A simple and realistic case study with relevant exercises runs throughout the book. These exercises give readers some guidance on how to apply the Information System Management principles in real-life situations.
The layout of the book could be better. The inside pages have a monotonous and soporific look, being densely packed with text, with very few illustrations and almost indistinguishable section headings.
But overall, a fairly good and concise introductory book on the subject.