
Latest Read: Security 2020: Reduce Security Risks This Decade

ISBN: 978-0470639559

It must be a sign of the times when you pick up a book published two years ago and wonder if it is worth reading because it may already be outdated. Things are moving at such a rapid pace, I always have the feeling that what was true two years ago may no longer be valid today. Luckily for me, the information presented in this book is still relevant and provided interesting food for thought. One interesting feature of the book is that, interspersed throughout each chapter, the authors included short discussions from some of their contributors relating to the contents of the chapter. Some of these discussions support the conclusions and some may offer alternative conclusions and opinions. In both cases, I found the alternative points of view to be quite interesting, making the book more of a discussion and less of a one-sided lecture.

The book begins with a quick overview of the various topics in IT Security, from what Malware is to Botnets and the evolution of security solutions. The chapter is very concise and covers a lot of ground quickly. In chapters 2, 3 and 4, the book continues with a discussion of the external non-technical influences on security, followed by the technical influences and finally a discussion on various threats. These three chapters cover a lot of ground, touching on almost every topic relevant to IT Security today and how the authors feel they will evolve over the next decade.

Chapter 5 then concentrates on Unified Communications and Collaboration solutions and the challenges these solutions pose to security professionals, since securing these types of services often “restrict the benefits these types of tools bring to the business.” Within UCC the authors include topics such as email, VoIP, SharePoint, Webinars, storage of user generated content and digital rights management. The authors’ conclusion that UCC will evolve significantly over the coming decade and these changes will have a significant impact on user behavior is definitely true. The challenge of being able to effectively identify and provide an audit trail for activities in the UCC area is significant and still not solved effectively today.

The authors then take a step back and discuss the history of Information Security and how it has evolved over time. Among other things, the authors argue that since adding point solutions to an infrastructure increases the complexity and cost of the overall IT security environment, the future will continue to see the convergence of tools into integrated solutions much like the melding of technologies into UTM solutions has done.

Chapters 7 and 8 touch on the business and economics of Security, which ranges from internal IT budgets to macro-economic influences such as another recession. 

Chapters 9 and 10 bring it all together with some future scenarios and then the conclusion. I found the future scenarios to be interesting and some could be considered useful, for example what if GPS stopped working. Is this relevant to your business? What services rely on it? Because of this, I feel that the most valuable part of Chapter 9 was the idea that just writing down a few what-ifs with possible action plans will give you a basis for quicker reaction if one does actually come true. By reading this book, you take one step in that direction, preparing for what might come. Whether the authors have it right or wrong, the most important thing is to have performed the thought exercise, which may give you a head start when faced with one of these topics in the future.

Note: This book review was submitted for CPE credit to ISC2 as part of my CISSP certification requirements.