The "little black book" is synonymous with your college roommate's address book and your Rolodex of industry contacts. Larstan Publishing has taken this concept and applied it to information security with The Black Book on Corporate Security, a collection of security management essays on topics ranging from intellectual property protection to identity theft. As a play on the title, the phone numbers and e-mail addresses of the book's 17 authors are also listed, along with numerous vendor and organizational contacts.
Each essay is written by a different author, and the quality varies from easily digestible to barely readable. The essay Identity-Aware Business Service Management makes some valid points, but the authors' writing style obscures rather than illuminates their arguments. In contrast, Preempting Data Warfare: The Art of Comprehensive Vulnerability Management is well written and makes its points quite plainly. Author Maria Cirino (a VP at VeriSign) makes clear the often murky distinction between vulnerability scanning and true vulnerability management, and blueprints a comprehensive business strategy.
Although the book strives for neutrality, virtually all of its contributors work for vendors. So, it wasn't surprising to see product names pop up; the case studies and the appendix often read like marketing brochures. Also not surprising, rather than approaching individual agnostic authors, Larstan solicited chapter proposals that appealed to corporate PR departments looking to get their executives (and their products) in print.
The book's biggest flaw, though, is its complete lack of focus. Put together, these essays cover a lot of ground, too much for any single volume to handle. No chapter contains sufficient information to start implementing a new process or policy, and further research is necessary to produce actionable plans.
The inclusion of a bibliography or a reading list for each chapter would have increased the book's value.
In the end, The Black Book on Corporate Security has some interesting nuggets of insight, but little else. This could be the only "little black book" you won't want to keep.
This was first published in June 2005