Just Enough Security: Information Security for Business Managers

Features

• Cover Type: Paperback with 248 pages
• Published by: Lulu.com June 6, 2006
• Written in: English
• ISBN 10 Number: 141167541X
• ISBN 13 Number: 978-1411675414
• Book Dimensions: 8.8 x 5.9 x 0.7 inches
• Weighs: 11.2 ounces

Product Description
The Just Enough Security (JES) approach to information assurance is based on the belief that no one safeguard can completely protect your critical information assets from a highly motivated threat. The JES security model combines multiple layers of safeguards with simple risk management tools to help you achieve both the security of your information assets and a return on your security investment. To allow you to quickly apply the basic principles of JES, this book helps you build the necessary skills in three steps. Part 1 of this book contains three primers to ensure you have the basic technical knowledge necessary to understand each layer of the JES model. These primers include networking, security, and risk management. Part 2 introduces the various layers of the JES model with detailed explanations of how to implement each. Finally, business continuity and incident management principles are discussed in Part 3.

About The Author
Tom Olzak is an IT professional with over 23 years experience in programming, network engineering, and security. He is an MBA with CISSP and MCSE certifications. Currently he's Director of Information Security for a large national health care company, responsible for managing the corporate security program, change management, and business continuity planning. He is also the CEO of a security training company. Prior to his current job, he held positions as an IS Director, Director of Infrastructure Engineering, and Programming Manager at a variety of manufacturing and distribution companies. Prior to joining the private sector, he served ten years in the United States Army Military Police with four years as a Military Police Investigator. He's written several articles and papers on security management. --This text refers to an out of print or unavailable edition of this title.

Reader Reviews
In this day and age, when some of the largest banks, universities, and corporations seemingly fall victim to egregious security breaches every day, it can be quite daunting for the small to medium sized business owner to wrap his head around information security. Without a staff of network engineers, software managers, and other computer professionals, where does the average business owner/manager/systems manager turn when it comes to developing an effective security program? In this very practical approach to Information Security, veteran Information Technology professional Tom Olzak delineates a very practical approach that empowers business/systems managers with the knowledge and insight they need to build a security system attuned to their own needs and resources. Unlike most writers of computer-related books, Olzak speaks the language of business, describing how the right security model can actually be a good economic investment in its own right. For me, the term "just enough security" has something of a negative connotation, but Olzak shows how "Just Enough Security" can actually represent the best solution possible, in economic as well as security-related terms, for small- and medium-sized businesses. Like it or not, there is no perfect security system, and information security is a risk-oriented endeavor. The idea is to make your data secure enough, through a combination of safeguards, to convince the bad guys to move on to easier pickings elsewhere. In that sense, the JES model truly is an in-depth approach to information security. Olzak presents his material in a highly structured manner, carefully explaining new terms and concepts as he goes along. He begins by providing the reader with primers on networking, information security, and risk management. While some readers may already be savvy to the basic concepts of these subjects, it provides the business-oriented audience with a firm foundation upon which to examine Olzak's JES model. The bulk of the book discusses the different layers of that model (physical and administrative as well as technical) - how they are implemented, how they work, etc. With this information, the business manager can get a good idea of which layers might be most effectively implemented in his/her own business environment (in terms of cost as well as effectiveness). That is what makes this book so useful for its target audience. For the business manager, information security is as much about economics as it is information technology. Olzak shows that it is possible for a small- to medium-sized business to establish an effective, layered security system and to actually see a positive return on its investment. Of course, you don't just put a security system in place and forget about it. Information security is a 24/7 endeavor, and Olzak does a very good job of describing the nature of the threats out there - internal, external, accidental, criminal, malicious, etc. In the book's final section, he turns his attention to business continuity planning and the importance of preventing, detecting, containing, and eliminating any threats that come sniffing around your data. Just Enough Security really is an excellent resource for the business manager/owner looking to establish or improve an existing security program. Not only does the book offer an effective overview of the different layers of a detailed security approach, it frames the decision-making process in economic and, more specifically, risk management terms. Comment | | (Report this)