Information security planning presents a comprehensive guide to the basics of information security planning. The author’s perspective addresses critical issues and challenges for emerging information security, including security awareness, strategic/tactical security planning, and national regulations and ethics. It was delightful to read such a book.

The book has many strengths. First, it covers the whole perspective of information security planning, from user education and management to regulations and techniques. Second, the author uses many exciting cases to explain the motivations and methods behind those security aspects. Readers can easily understand the functionality of those planning methods. Finally, unlike traditional information security teaching books, it includes many real-world cases from journals and newspapers that support the presented ideology.

The book also has some weaknesses. See, for example, Section 1.4’s perhaps technically controversial claim: “If a password is 12 alphabetical characters long, it can take up to 96 years, or as long as 500 years if you also include numbers in your password.” Actually, if the password is alphabetical only, it may not require such a long time to brute-force it with today’s graphics processing unit (GPU) power. Many technical controversies can be found in other parts of the book, too. The quality of the figures could also be improved. Some of them are quite simple and crude, for example, Figure 4.3.

Overall, it is a useful book for beginners in the field. It can also be helpful for managers and engineers to refine their information security planning.