'Black Book' offers tidbits, but not worth keeping

The Black Book on Corporate Security 439 pages $49.95                                     Larstan Publishing

The "little black book" is synonymous with your college roommate's address book and your Rolodex of industry contacts. Larstan Publishing has taken this concept and applied it to information security with The Black Book on Corporate Security, a collection of security management essays on topics ranging from intellectual property protection to identity theft. As a play on the title, the phone numbers and e-mail addresses of the book's 17 authors are also listed, along with numerous vendor and organizational contacts.

Information Security Bookshelf Read Chapter 7, Defending the digital you Read the forward by Howard Schmidt Share your opinion of this book

Each essay is written by a different author, and the quality varies from easily digestible to barely readable. The essay Identity-Aware Business Service Management makes some valid points, but the authors' writing style obscures rather than illuminates their arguments. In contrast, Preempting Data Warfare: The Art of Comprehensive Vulnerability Management is well written and makes its points quite plainly. Author Maria Cirino (a VP at VeriSign) makes clear the often murky distinction between vulnerability scanning and true vulnerability management, and blueprints a comprehensive business strategy.

Although the book strives for neutrality, virtually all of its contributors work for vendors. So, it wasn't surprising to see product names pop up; the case studies and the appendix often read like marketing brochures. Also not surprising, rather than approaching individual agnostic authors, Larstan solicited chapter proposals that appealed to corporate PR departments looking to get their executives (and their products) in print.

The book's biggest flaw, though, is its complete lack of focus. Put together, these essays cover a lot of ground, too much for any single volume to handle. No chapter contains sufficient information to start implementing a new process or policy, and further research is necessary to produce actionable plans.

The inclusion of a bibliography or a reading list for each chapter would have increased the book's value.

In the end, The Black Book on Corporate Security has some interesting nuggets of insight, but little else. This could be the only "little black book" you won't want to keep.

Sound Off! -   Post your comments |  See others' comments (1)

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT SSL How to test the security of personal details submitted to a website Should enterprises implement a mandatory iPhone VPN? Should iPhone email be sent without SSL encryption? How to secure an FTP connection Can Trojans and other malware exploit split-tunnel VPNs to infiltrate a network? What are the risks of connecting a Web service to an external system via SSL? What is the most secure way for application developers to manage cookies? Secure file copying with WinSCP Should an IT staff be concerned with a network's physical security? Will FTP ever be a secure way to transfer files? Remote Access Management Partner access: Balancing security and availability Cisco injects role-based access control into the network Information security book excerpts and reviews What are the dangers of Web-based remote access systems? NAC switches, appliances help track users, malware Is it safe to use remote access tools to grant system access? Microsoft NAP-TNC compatibility won't speed adoption, users say Inviting Risk Secure Remote Access Emerging Technologies

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary SSL VPN  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary