Information Security Policies and Procedures: A Practitioner’s Reference. Second Edition. By Thomas R. Peltier; published by Auerbach Publications, 800/272-7737 (phone),www.crcpress.com "> www.crcpress.com (Web); 408 pages; $79.95.
The path to information security is a long one, but in this book author Thomas Peltier makes the scenery attractive along the way. Peltier walks the reader through almost 400 pages on infosec policies and procedures with clarity, completeness, and humor.
Part one covers infosec policies and procedures, and part two is an information security reference guide. The journey through both is pleasant, but familiar, somewhat like an afternoon stroll through well-trod terrain. Neither part contains any revelations, but each is well constructed and brims with relevant information that is easy to find.
In a few instances, however, a misleading or jarring sentence pops up in the text, sort of like a pebble lodging in a boot. In part one, Peltier writes: “All information is created equal, but not all information is of equal value.” Part two then contains this contradictory sentence: “All information is not created equal.” As another example, the author defines company-approved software as “any software not approved, purchased, screened, managed, and owned by the organizations.” Finally, in the introduction, the author refers to “12 enterprise-wide (Tier 1) policies,” but later he only mentions 11.
Harping on these flaws may be nitpicking, because they are likely to be seen by readers as typographical or proofreading errors, which they probably are. But they detract slightly from the overall quality of the publication.
Overall, however, the journey is pleasant, largely fulfilling, and worthwhile. Especially if you don’t mind the occasional pebble.
Reviewer: Derek Knights, CPP, CISSP (Certified Information Systems Security Professional), is an internal consultant on security, risk assessment, and investigations with Ontario Power Generation, Inc., in Toronto, Ontario, Canada. He is a member of ASIS.