Site Map - Book Reviews

Information Security Policies and Procedures: A Practitioner’s Reference. Second Edition

- Part one covers infosec policies and procedures, and part two is an information security reference guide. The journey through both is pleasant, but familiar, somewhat like an afternoon stroll through well-trod terrain. Neither part contains any revelations, but each is well constructed and brims with relevant information that is easy to find.

Disaster and Recovery Planning: A Guide for Facility Managers.

- Specific disasters including fires, bomb threats, and earthquakes receive individual attention. Probably to illustrate the extent and magnitude of disasters, Gustin includes lists of disaster and emergency declarations made in 2002 and 2003 that run for pages, from flooding in Arkansas to typhoons in the Federated States of Micronesia. The author’s good intentions aside, the lists don’t merit that much space.

Essentials of the Reid Technique: Criminal Interrogation and Confessions

- Many experts consider the Reid Technique to be the leading method of interviewing and interrogation, and Criminal Interrogation and Confessions to be the seminal textbook on the subject. Now the developers of the Reid Technique have created an abridged version of the classic textbook, called Essentials of the Reid Technique: Criminal Interrogation and Confessions.

Secrets of Computer Espionage: Tactics and Countermeasures

- Just who is spying on whom? The author explains that the typical person might be a target of bosses, friends, family members, hackers, and many others. Even people with nothing confidential or of value on their computers risk getting caught up in espionage and other cyber capers. For instance, hackers can use their computers as vehicles for staging attacks or as a location for storing illicit files, such as child pornography. And as more cell phones and PDAs connect to the Internet, the risks multiply.

Imperial Hubris: Why the West Is Losing the War on Terror.

- If only the location of Osama bin Laden were as easy to discover as the identity of the “anonymous” author of Imperial Hubris, an insider’s view of the search for bin Laden and a critique of the overall war on terrorism. A new edition names Michael Scheuer, a counterterrorism expert from the CIA assigned to the bin Laden “team,” who quickly surfaced as the author, appearing on talk shows to defend his book’s controversial positions.

Chaos Organization and Disaster Management

- Kirschenbaum will make readers question their own motivations and choices. With that in mind, he leads readers down an avenue of constant exploration, probing the considerations of various stakeholders, the plethora of constraints on effective disaster management, and the bureaucratic inertia that can all too quickly subsume disaster management.

Have Passport, Will Travel: Field Notes for the Modern Bodyguard.

- Paul Markel, a former U.S. Marine, ex-police officer, and current executive protection agent, has written an advice book for fledgling bodyguards. The book covers critical topics such as communications, confrontation, defensive tools, professionalism, legal issues, intelligence gathering, and foreign travel. It is not detailed enough to be considered a textbook on executive protection, but it probably was not meant to be.

Stepping Through the IS Audit: What to Expect, How to Prepare

- Many an executive on a business trip abroad has suffered the embarrassment of making an error in protocol or local custom. The “thumbs up” or “V for victory” gestures that are symbols of approval in the United States may have derogatory meanings elsewhere, for example. By brushing up on local culture in advance, these executives could have saved themselves heartache, embarrassment, and lost business.

The Open Society Paradox: Why the 21st Century Calls for More Openness, Not Less.

- To some extent, everyone zealously guards his or her own privacy and fights to preserve it. But what are the chances we are fighting to secure the wrong thing? What if greater openness and transparency could protect our society better than fighting to preserve privacy at all costs? This is the thesis of The Open Society Paradox, in which author Dennis Bailey argues forcefully for a homeland identification card, openness in government and society, and the use of sophisticated information analysis as a powerful triple play to reduce the risk of cybercrime and terrorism.

Data Hiding Fundamentals and Applications: Content Security in Digital Multimedia

- Aimed at the experienced content-security professional, the book begins with a brief introduction to the types and uses of steganography. Remaining sections and chapters take the reader, step by mathematical step, through data-hiding applications such as the use of hidden watermarks in images and video to verify ownership. Also discussed are intellectual property attacks and detection and response measures for thwarting those attacks.

Private Security and the Law, Third Edition

- Charles Nemeth has released the third edition of his highly acclaimed Private Security and the Law. For years, it has proved to be an indispensable guide to civil and criminal liability stemming from acts or omissions committed by the security function. This newest edition updates the principles with new case law.

Forensic Discovery

- Forensic Discovery is not for technical novices; readers must have a solid understanding of computer file systems, networking concepts, and computer processes. The authors focus on computer forensics for UNIX (Solaris, FreeBSD, and Linux) computers, with scant information provided about Windows. The authors explain how to obtain reliable digital evidence from running UNIX systems, uncover changes to system utilities and kernel modules, and identify suspicious activity. Sample computer compromises illustrate the concepts.

The Ethical Hack: A Framework for Business Value Penetration Testing.

- Tiller does a fantastic job explaining the process of the ethical hack from beginning to end. By way of charts, diagrams, graphs, and comparisons, the reader is led step by step through a penetration test. Also provided are sample incident reports and response forms, examples of documentation needed for the test, and an example of how the finished penetration-test document should be presented.

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.