The Business Case for Network Security: Advocacy, Governance and ROI

Read a review of the book: The Business Case for Network Security: Advocacy, Governance and ROI.

Published in Information Security magazine.
THE BUSINESS CASE FOR NETWORK SECURITY: ADVOCACY, GOVERNANCE AND ROI
By Catherine Paquet and Warren Saxe
381 pages, $39.95
Cisco Press


The Business Case for Network Security suffers from multiple personality disorder: it is geared simultaneously toward two different audiences. It attempts to give security managers a viable approach for pitching their agenda to the C-suite, but spends too much time pandering to senior management with Security 101 material: hacker motives, vulnerability windows, technical and procedural countermeasures.

The opening chapters are standard fare, and other security books cover the same material more concisely and with more flair. The writing is mediocre, verbose and full of nonstandard technical terms. The book would improve substantially if the descriptions of the vulnerability types were tightened and tied to meaningful business risk analyses.

The text also offers little help with the notoriously difficult task of quantifying security breaches. The advice on using available surveys, such as the CSI/FBI Computer Crime and Security Survey, is opaque at best. In a particularly telling excerpt, the authors warn that "statistics from different sources can appear to be conflicting," and that "it is prudent to error on the side of caution while continuing to study the trending," leaving the reader to wonder which side is the cautious one.

The Business Case for Network Security does contain some original material. Its two self-assessment surveys, the infosecurity management survey and the infosecurity operational survey, are interesting, but they aren't available online and are of limited use for calculating an organization's "risk-aversion quotient." The authors fail to instill much confidence that the results carry any analytical value; they are the security equivalent of personality quizzes. The simplistic results ignore the subtle and complex analysis required to make an effective security decision.

By trying to address both the security manager and the executive, The Business Case for Network Security winds up appealing to neither. Readers would be better off choosing a basic text on business politics and accounting than wasting their time trying to understand this book.

--Patrick Mueller

Top Shelf
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.

High-Tech Crimes Revealed
By Steven Branigan
Addison-Wesley Professional

Cryptography for Dummies
By Chey Cobb
John Wiley & Sons

The Art of Computer Virus Research and Defense
By Peter Szor
Symantec Press

The Executive Guide to Information Security: Threats, Challenges and Solutions
By Mark Egan and Tim Mather
Symantec Press

Malware: Fighting Malicious Code
By Ed Skoudis and Lenny Zeltser
Prentice Hall

Phishing: Cutting the Identity Theft Line
By Rachael Lininger and Russell Dean Vines
John Wiley & Sons

This was first published in June 2005
