This book was written to provide a general business audience with the knowledge
they will need to properly integrate security into their company. The concept is based on our vision that in the years to come, business will no longer be able to
afford to be reactive about security. We firmly believe that information security will
become a fundamental part of all business infrastructures. Organizations of all
shapes and sizes will reorganize, plan and spend a lot of money to properly protect
and defend the core of their business: information.
We don’t believe there’s anything like this book in the realm of information security.
What does exist tends to fall into a few basic categories:
Trade Media: There are hundreds of magazines and journals that rant and rave
over the latest in network and security technologies. These sources are a great way
to stay informed. However, many of these articles skirt the line between paid advertisements
and devout worship. It’s very difficult to get an honest picture of a particular
technology from these sources alone.
Books for “Simple” Needs: These books are designed to give people who lack
technical backgrounds an understanding of isolated security concepts. They can often
provide the average user with simple solutions for their needs, but won’t provide
managers with enough information to feel confident about their choices.
Hacker Books: On the other end of the spectrum are security books for system
administrators and hackers. Frequently written by an infamous hacker or security
expert, these titles focus on specific “hands-on” security for Unix and Windows machines.
They also discuss methods in which to break into these machines. These
books are usually full of riveting inside jokes like:
(-: Command not found.
Technical Documentation: Concerned about wireless security? Why not just
read the original specifications for your wireless system and analyze it yourself? Or,
grab a whitepaper and a cup of coffee and solve your dataflow problems. This includes
the many excellent books on particular technologies, such as TCP/IP
Illustrated (a book that we’ve read cover to cover many times).
After years of looking closely at these options we realized something was missing:
a comprehensive reference guide written for intelligent business people. This is
a book that provides the reader enough information in a few pages to make businesslevel
decisions. A compilation that relates security concepts and technologies based
on the way they’re used in real life—not based on technological similarities or ideals.
In other words, a practical guide to information security.