Volume No. 3,   Issue No. 5,   October 2004

Inside the Security Mind: Making the Tough Decisions

Book Review - Inside the Security Mind: Making the Tough Decisions.
By Kevin Day
Published by Prentice Hall, 399 pages.

Reviewer: David O. Best, CPP, CBM. USA.

Does your organization make information security decisions with a developed security mind? To answer that question, of course, you have to know what a "security mind" is in the context of IT. Kevin Day's book takes readers on that heady journey. Developing a security mind, contends Day, involves moving from a focus on details to overarching sensitivity to basic virtues and rules of security. Fundamental to the security mind are four security virtues and eight rules of IT security. Virtue one dictates that IT security must be a daily consideration in every area. Virtue two states that IT security must be a community effort. Virtue three requires a higher, general focus on IT security. Virtue four mandates at least some measure of IT security training for everyone in the organization. Derived from the virtues, the eight security rules are fundamental practices that must underlie all decision making. Day also introduces other security practices - using layered security, creating choke-points for incoming traffic, and dividing security responsibility - that will keep information systems safe. The author shows how these practices apply to the decision-making process through several case studies and examples. With a rational thought process and convincing presentation, Day successfully advocates the importance of developing a security mind.

Security Management - July 2004.