Although I don't profess to be an IT security specialist, I'm always trying to better my knowledge in this area.
Security and Control in Information Systems
Andrew Hawker
Routledge
£24.99
2000, 332 pages, Ordering details: Telephone +44 (0)1264 343071, fax: +44 (0)1264 342787, Internet: www.tandf.co.uk

My skills are adequate, but offer plenty of room for improvement. If you fit into this category then you too will find 'Security and Control in Information Systems' a positive benefit.

Material in this book is based very much upon explaining, illustrating and supporting the author's eight chosen objectives that must be attained for IT security and control. These are: protecting secrets, promoting accuracy, preventing tampering, proving authorship (by way of cryptographic keys), challenging repudiation (denial of actions), authenticating over time (documents), ensuring survival (systems and data) and, last but not least, maximising 'auditability'.

The book plays host to 14 chapters in all, spread over six sections, in which each of the aforementioned principles is adequately explained. The sections containing the chapters include: threats and risks, controls for internal services and networked services, business continuity and archiving, computer audit and regulations and controls.

As a security manager, an increase in your confidence levels regarding IT issues and a sound understanding of the principles of IT security must be a fundamental requirement in this high-tech day and age. For most readers of this book that objective is very much a reality.

A further declared objective of Hawker's work is to equip the reader with enough knowledge to take part in an information systems review in line with BS 7799 (the information security management standard).

Written from a UK perspective – and thus touching on important aspects such as the Data Protection Act and the Misuse of Computers Act – it would be a great surprise to me if 'Security and Control in Information Systems' did not become a standard work in the field of IT security in general, and for students of IT and information systems in particular.