Review:
Safety Net outlines a number of
potential threats to online businesses such as fraud, sabotage,
espionage, piracy or identity theft, and it notes that all
manner of organizations are candidates for intruders, whether
they be business enterprises, not-for-profit organizations or
government agencies.
One chapter is entitled "the insecure employee" and looks at how
the computer systems of enterprises are assaulted by insiders.
Indeed, it points out that in some cases employees can
unwittingly access, modify, and erase proprietary data or
disclose sensitive information.
Safety Net recognizes that security breaches are costly both in
terms of hard costs, such as monetary and productivity losses,
and in terms of public relations, where damage is expressed
through customer and reputation losses.
The threats can involve not just online financial fraud.
Companies can also experience theft of proprietary information
and corporate secrets. One section, for example, looks at
intellectual property security or digital rights management.
The whole purpose of the book is to make the reader aware of the
potential threats that exist. It aims to provide practical
solutions to counter those online security threats as it runs
through prevention, detection and recovery counter-measures. It
lists a top ten of common mistakes that organizations make, such
as failing to install updates or patches when security holes are
found. This book also deals with how to undertake security risk
assessments for your organization and how to create an effective
security policy.
Kathleen Sindell notes that companies can acquire a competitive
advantage by ensuring that each customer feels that his or her
consumer rights and privacy are protected online; and one of the
book's fourteen chapters is devoted to the topic of safeguarding
your customer's privacy.
Ms Sindell quotes surveys which show that the majority of
businesses have encountered computer breaches; many indeed
experience a number of such breaches. She devotes one chapter to
the question of how to handle public relations after a cyber
attack including preparing and planning for crisis
communication, inspiring confidence after an attack, and the
question of whether or not to report a cyber-crime.
The book is written in plain English, and remains technically
accurate without being full of jargon. It is 329 pages long, is
clearly set out and there are illustrations throughout such as
flow charts or matrices. There are also a number of checklists,
for example for web server security, and an 'after the hack
attack' checklist. There is a glossary, and also a 'resource
center' which groups together a number of web-based sources of
information under themes such as encryption information or
intrusion detection.
Free Pint Reviewer:
Paul Pedley is Head of Research at the Economist Intelligence
Unit. He is the author of four books published through Aslib,
and writes and trains on legal issues relating to information
matters and also on searching the web. Paul is currently writing
a book for Facet Publishing - "Essential law for information
professionals".