Securing Business Information: Strategies to Protect the Enterprise and Its Network (IT Best Practices series) Review

Average Reviews:

(More customer reviews)Of all the security books I've read this one stands out as the best for two reasons: (1) it lays out what is needed and the steps to take to develop an enterprise security policy in a clear, logical sequence, and (2) there no gaps in the proposed process. Indeed, it appears that the authors had 'due diligence' as their foremost principle when they wrote this book. In addition their experience is evident by the way they approach the subject and tie it together.
The approach is straightforward: initiate, assess, gather requirements, perform a gap analysis, develop a baseline and implement. What makes the approach unique is the 'divide and conquer technique that partitions the business into security domains. This has benefits beyond decomposing the complexities of enterprise security into manageable pieces - it can also be linked into enterprise problem management and business continuity planning processes because you're forced to examine your resources and systems, and to prioritize them according to their criticality. I also liked the discussion of policies, which discussed the merits of identity-based and role-based approaches, and included excellent advice on policy auditing. One strong point about this section was the treatment of finding documented *and* undocumented policies. This material is applicable to anyone who is involved in policies and procedures development, regardless of whether or not it's related to security. I also especially liked the chapter on trust modeling. This is one area where I learned much from the book.
I've only touched upon key elements of this book. A review of the table of contents will reveal that it's complete and filled with case studies and important discussions of technologies that can be employed to create an effective enterprise security posture. This book is obviously applicable to security specialists, but is also useful to business continuity planners, service delivery practitioners and service providers. It is, to date, the best book on security from among the 20 I've read, that I've come across. It's also a complete recipe for a successful development and implementation of enterprise security policies, processes and procedures.

Click Here to see more reviews about: Securing Business Information: Strategies to Protect the Enterprise and Its Network (IT Best Practices series)

Click here for more information about Securing Business Information: Strategies to Protect the Enterprise and Its Network (IT Best Practices series)