Information Risk And Security: Preventing And Investigating Workplace Computer Crime


Posted by Ben Rothke

As of mid-December 2009, Information Risk And Security: Preventing And Investigating Workplace Computer Crime by Edward Wilding has a disappointing Amazon.com sales rank of 2,458,866.

While the book's list price of $160.00 may be partly to blame for that, the reality is that too many people mistakenly and naively think that information security is simply about keeping the hackers out. But hackers are only one of myriad risks within information security. In Information Risk and Security: Preventing and Investigating Workplace Computer Crime, author Edward Wilding does a superb job of showing the reader what it takes to design and build a comprehensive information security program.

The book starts out with a bang and discusses one of the more considerable threats, the insider threat. The book details how Nick Leeson single-handedly brought Barings Bank to bankruptcy via uncontrolled insider access. The book notes that every business has a potential Leeson, a human time-bomb ticking away, often completely unidentified and waiting to take advantage of potentially dangerous system exposures. 

The insider threat is one of the most dangerous threats, and also one that most organizations do not properly defend themselves against. The book notes that insiders are in a better position to execute their crimes given their direct operational access to systems and their day-to-day knowledge of how these systems and processes operate.

Security luminary Marcus Ranum notes that people often seem to want to treat computer security like it's rocket science or black magic. In fact, computer security is nothing but attention to detail and good design. In 19 densely packed chapters, the book covers those very details of the many contemporary security issues facing organizations today.

Rather than relying on the FUD (fear, uncertainty and doubt) factor that often permeates much of information security, each chapter provides numerous real-world references and studies of computer security incidents from around the world. These stories are particularly valuable in that they can be taken back to management to show them the need for adequate security funding.

Information Risk and Security: Preventing and Investigating Workplace Computer Crime is a densely packed treasure trove of invaluable information security knowledge. Anyone looking for a comprehensive guide to real-world information security, or looking to round out their security infrastructure, is highly recommended to read this valuable reference.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad
