Computing Reviews
Building an information security awareness program : defending against social engineering and technical threats
Gardner B., Thomas V., Syngress Publishing, Boston, MA, 2014. 214 pp. Type: Book (978-0-124199-67-5)
Date Reviewed: Jan 7 2015

As it is often said, people are the weakest link in information security. For this reason, security training and education, or security awareness, as it is commonly called, is generally acknowledged to be a key element at the base of any security program. In practice, there is a widespread perception that most security awareness initiatives are not sufficiently effective, to the point that some experts suggest that a better return on investment would be obtained by focusing attention on designing better systems and stronger security controls.

In their book on building an information security awareness program, authors Gardner and Thomas present a comprehensive introduction to the human factors that have an impact on the delivery of effective security, as well as practical proposals for the defense against social engineering and technical threats. The contents are organized in 14 chapters, starting from the enumeration of basic concepts such as roles and responsibilities, social engineering, and training types, and continuing with the definition of the outline of a broad training program.

The key is not just to make people aware of what good security is, but to make them change their behaviors in a positive way. This requires, in turn, the availability of effective training content that is hands-on; is interactive, with measurable key performance indicators; and can be administered in an ongoing way, with periodic refreshers reflecting the fact that security is a process and not a one-off event.

The book is really at an introductory level, and can serve as a useful tool for small businesses and other entities that are still working toward the definition of their structured security awareness program. The appendixes are particularly valuable, as they offer a compendium of useful sources for additional information like reference documents, sample policies, commercial training offerings, and security awareness posters. Legal compliance information is also provided, but unfortunately the focus chosen by the authors is restricted to the law of the US, making that section less relevant for readers who reside in Europe or Asia, for example. Overall, this is an interesting read that is appropriate for those who are seeking initial information on this highly relevant matter.

Reviewer: Alessandro Berni. Review #: CR143058 (1504-0284)
Category: Security and Protection (K.6.5)