As of mid-December 2009, Information Risk And Security: Preventing And Investigating Workplace Computer Crime by Edward Wilding has a disappointing Amazon.com sales rank of 2,458,866.
While the book's list price of $160.00 may be partly to blame for that, the reality is that too many people mistakenly and naively think that information security is simply about keeping the hackers out. But hackers are only one of myriad risks within information security. In Information Risk and Security: Preventing and Investigating Workplace Computer Crime, author Edward Wilding does a superb job of showing the reader what it takes to design and build a comprehensive information security program.
The book starts out with a bang and discusses one of the more considerable threats, the insider threat. The book details how Nick Leeson single-handedly brought Barings Bank to bankruptcy via uncontrolled insider access. The book notes that every business has a potential Leeson, a human time-bomb ticking away, often completely unidentified and waiting to take advantage of potentially dangerous system exposures.
The insider threat is one of the most dangerous threats, and also one that most organizations do not properly defend themselves against. The book notes that insiders are in a better position to execute their crimes given their direct operational access to systems and their day-to-day knowledge of how these systems and processes operate.
Security luminary Marcus Ranum notes that people often seem to want to treat computer security like it's rocket science or black magic. In fact, computer security is nothing but attention to detail and good design. In 19 densely packed chapters, the book covers those very details of the many contemporary security issues facing organizations today.
Rather than relying on the FUD (fear, uncertainty and doubt) factor that often permeates much of information security, each chapter provides numerous real-world references and studies of computer security incidents from around the world. These stories are particularly valuable in that they can be taken back to management to show the need for adequate security funding.
Information Risk and Security: Preventing and Investigating Workplace Computer Crime is a densely packed treasure trove of invaluable information security knowledge. This valuable reference is highly recommended reading for anyone looking for a comprehensive guide to real-world information security, or looking to round out their security infrastructure.