
Inside the Security Mind: Making the Tough Decisions. By Kevin Day; published by Prentice Hall, www.phptr.com (Web); 309 pages; $40.49.
Does your organization make information security decisions with a developed security mind? To answer that question, of course, you have to know what a "security mind" is in the context of IT. Kevin Day's book takes readers on that heady journey.
Developing a security mind, contends Day, involves moving from a focus on details to an overarching sensitivity to basic virtues and rules of security. Fundamental to the security mind are four security virtues and eight rules of IT security.
Virtue one dictates that IT security must be a daily consideration in every area. Virtue two states that IT security must be a community effort. Virtue three requires a higher, general focus on IT security. Virtue four mandates at least some measure of IT security training for everyone in the organization.
Derived from the virtues, the eight security rules are fundamental practices that must underlie all decision making. Day also introduces other security practices that will keep information systems safe. They include using layered security, creating chokepoints for incoming traffic, and dividing security responsibility.
The reader is not stranded in the abstract, however; the author shows how these practices apply to the decision-making process through several case studies and examples. For example, the rules are applied to battling hackers, conducting assessments and audits, and building a successful security team. The final chapters discuss issues such as system defenses, monitoring, and authentication.
With a rational thought process and convincing presentation, Day successfully advocates the importance of developing a security mind. He has taken an extremely difficult problem and created a workable plan for information security that can be used to train IT staff at all levels.
Reviewer: David O. Best, CPP, CBM (Certified Business Manager), is a security manager with Northrop-Grumman Mission Systems in Van Nuys, California. He is a member of ASIS International.