This book has the organization and feel of an extended research paper. It discusses the impacts of technology on small-to-medium enterprises, and the need for a risk assessment model. It is challenging to identify an audience for the book as a whole, since some chapters are too basic for advanced readers, and others are too brief for novice readers. For example, section 4.1 of chapter 1 unnecessarily describes what email, voicemail, video conferencing, and other technologies are. On the other hand, section 6 of chapter 1 describes, in a brief fashion, more advanced topics, such as cryptography, Internet protocol security (IPSec), secure electronic transaction (SET), and others. I would not recommend this book for academic use, but it could be useful for researchers interested in the author’s research results.

Seven chapters make up the book. Chapter 1 motivates the need for security and risk assessment. It also provides a complete list of the technologies available for improving the security of business operations via the Internet. Chapter 2 outlines the impacts of technology on enterprises, and inherent security problems in the networking protocols in use today. These security problems are extensively listed, although previous networking knowledge is required in order to fully understand some of them. Chapter 3 mainly defines risk, and introduces the different risk assessment models in the literature. The author systematically and objectively points out the weaknesses in each of these approaches to modeling. Chapter 4 attempts to resolve the weaknesses discussed in chapter 3 by introducing and analyzing the author’s own proposed risk assessment model. Chapter 5 presents the results of a security-related survey administered by the author. Chapter 6 discusses threats,! risk, trust, government concerns over security, and other related topics. Chapter 7 concludes the book.

The book’s topic is very well researched, as is evident from the numerous citations and references available at the end of each chapter. However, the book is very poorly edited. More than 60 spelling, grammatical, and other editorial mistakes were identified. Among these mistakes are incomplete sentences (page 24), missing punctuation marks (page 39), a missing figure (page 22), inconsistencies between text and graphical data (page 122), and repeated sentences (page 17). In addition, the reader gets the feeling that many statements and ideas are repeated too many times throughout the book. Although the book thoroughly and clearly discusses several topics, some of its sections could have been more concisely and clearly presented.