Information Security Management Handbook, 4th ed.
Harold F. Tipton & Micki Krause
Auerbach Publications
£65.00
Date published: 2000. Content: 711 pages. Tel: +44 (0)1462 488900 Fax: +44 (0)1462 483011

If your staff can keep hold of their laptops when all about you are losing theirs, then you probably have an effective Information Security policy. If, though, like the British Intelligence Services, there are indications that your Information Security policies and practices are not as they should be, then this is the book for you.

The detail, scope and foresight of this book are exceptional. For instance, chapter 23 describes the security risks relating to laptop computers. This section includes a scenario which almost exactly mirrors the recent disastrous loss of a laptop computer suffered by an MI5 employee at Paddington station. The passage continues: “More organised felons will target [computer] notebooks at locations such as airports, where there are rich pickings”.

Although these conclusions may seem obvious to some (albeit that they appear to be ignored by others), the book’s spot-on accuracy cannot be denied. It is this sharpness of detail, combined with the up-to-date contents, which makes the book a compelling read. The subject of information and IT security can be heavy going, particularly for non-specialists, but I found this book clear and understandable.

In total there are thirty-one chapters in the book, and the topics include: Access Control Systems, Network Security, Security Management Practices, Security Architecture, Computer Operations Security, Continuity Planning and Physical Security.

Each chapter of the book has been compiled by a separate commissioned author, invariably a well-known figure in the field. Of particular interest and use to me were the chapters on Security Awareness Training (by Tom Peltier) and Computer Crime Investigation (by Thomas Welch).

The only specific flaw of the book is the familiar one arising from its American origin. This means, for example, that the book makes no mention of BS 7799 (the Information Security Management Code of Practice). Despite this, the book’s target audience, Information Security practitioners, will find it of great interest and value, and it should also be highly recommended to those undertaking academic study of Security Management.