Pipkin discusses almost every conceivable aspect of information security, all the way from the changing environment in which organizations now find themselves, through all aspects of business analysis, policies and procedures, implementation, incident handling, and postmortems, right through to the prosecution of wrongdoers. Everything is treated carefully, at a useful level that is easy for any computer professional to understand.
What Pipkin does not do is, forgivably, go into detail on any point or, less forgivably, say anything about where readers can find more detail. There is no bibliography, and there are no useful references. This book is an excellent starting point, but no more.
A few lacunae are hard to understand in a book with the word “global” in its subtitle and “Legal . . . implications” mentioned prominently on its cover. There is no mention at all of the data protection laws that exist in every industrialized nation except the United States. The book does not discuss such important legal questions as how organizations’ overclassification of data, or failure to warn electronic trespassers, may affect their legal standing when they sue employees for failing to protect data or for stealing it, or outsiders for penetrating or misusing their systems.
The book is well written, presented in a reader-friendly format, and relatively competently edited. The meager index is adequate for a book organized as well as this one is.