***** Larstan’s The Black Book on Corporate Security. Edited by Larstan Publishing; published by Larstan Publishing, www.blackbooksecurity.com (Web); 312 pages; $49.95.
It was the best of times, it was the worst of times, begins Dickens’s A Tale of Two Cities. So it is with this book. At times penetrating, at other times maddening, The Black Book on Corporate Security is wildly uneven. It starts at the title: Far from being an all-encompassing book on corporate security, it almost exclusively covers information security.
The roller coaster continues from there. The various authors enlisted to contribute to this book are all obviously masters of their topics, and they provide lots of good information. But several of the authors work for large software companies that make computer security products, and their articles include “case studies” that uncritically discuss how their clients have solved problems by using those products. These selections blur the line between scholarship and advertising.
With the use of boxes and pull quotes, the book seems to strive for an edgy magazine feel. While these break up the text and provide some useful information, they are often repetitive or simplistic.
Jim Kennedy’s chapter, “Business Continuity and Disaster Recovery,” deserves special mention because it is an excellent overview of the changes to traditional disaster planning brought about by the World Trade Center attacks. Less successful is a chapter entitled “Blending Corporate Governance with Corporate Security,” which discusses Sarbanes-Oxley. The author asserts that Section 404 of the act deals with “systems of control,” which he says are by their very nature computer information systems. Yet Section 404 does not specifically mention computer systems, and any security requirements other than those necessary to ensure accurate financial accounting and reporting fall outside the scope of Sarbanes-Oxley. To flatly state that increased information security measures are required under this law is misleading.
On balance, there’s some good information to be found here by information security professionals, but the content overall is inconsistent.
Reviewer: Ross Johnson, CPP, is a retired Canadian Forces Intelligence Officer working for an offshore-drilling company in Houston. He is a member of the ASIS Oil, Gas, and Chemical Security Council.