This book provides broad coverage of a number of important aspects related to the security of computer systems. The author does indeed stress the critical component of the human factor in evaluating the security of a system. However the book also discusses other topics central to this theme. Chapters are devoted to:
In addition there is an introduction as well as a glossary (particularly helpful to management-level people not familiar with the jargon) and a short bibliography. Unfortunately there is no conclusion, which would have been very useful as a means for tying together several different themes involving computer security. This book would be a valuable source for someone without a background in computer systems who wanted a general survey of the topic. In addition, it is also a useful source of information for people with computer backgrounds who need to brush up on the broad range of concerns one needs to address in planning for security. The author makes effective use of case studies to emphasize most of her major points.
Among the attributes of this book which this reviewer especially liked were:
1. A brief summary of what legislation is most useful to know.
2 The complexities related to planning for the security of distributed data processing systems.
3 The importance of cost/benefit analysis (with a nice example of how to do one).
4 What forms are helpful (and why).
5 Continued stress on the fact that security must be based on loyal, trusted employees. (The most common computer crimes are the theft and copying of software and data.)
In conjunction with this last point, this reviewer found the comments about cognitive style positioning very interesting. This method seems to have potential for selecting appropriate people for certain jobs, and especially for rewarding them commensurate with their contributions. And happy, satisfied employees are the most critical components in the security of a computer system. The only problems which readers might experience with this book are disappointment that various topics aren’t covered in more depth and that there is not a conclusion to bring some of the points into sharper focus. For example, a final case study describing how an organization has successfully applied the principles described here would have added a nice finishing touch.
The price of $24.95 for a 162-page book is expensive, yet in this case worthwhile. Even someone who works in this field might discover a new idea which could result in major savings. The book is easy to read and would appeal to people without computing backgrounds as well as specialists.
