Why We Wrote
This book was written to provide a general business audience with the knowledge they will need to properly integrate security into their company. The concept is based on our vision that in the years to come, business will no longer be able to afford to be reactive about security. We firmly believe that information security will become a fundamental part of all business infrastructures. Organizations of all shapes and sizes will reorganize, plan and spend a lot of money to properly protect and defend the core of their business: information.
We don’t believe there’s anything like this book in the realm of information security. What does exist tends to fall into a few basic categories:
Trade Media: There are hundreds of magazines and journals that rant and rave over the latest in network and security technologies. These sources are a great way to stay informed. However, many of these articles skirt the line between paid advertisements and devout worship. It’s very difficult to get an honest picture of a particular technology from these sources alone.
Books for “Simple” Needs: These books are designed to give people who lack technical backgrounds an understanding of isolated security concepts. They can often provide the average user with simple solutions for their needs, but won’t provide managers with enough information to feel confident about their choices.
Hacker Books: On the other end of the spectrum are security books for system administrators and hackers. Frequently written by an infamous hacker or security expert, these titles focus on specific “hands-on” security for Unix and Windows machines. They also discuss methods for breaking into these machines. These books are usually full of riveting inside jokes like:
Technical Documentation: Concerned about wireless security? Why not just read the original specifications for your wireless system and analyze it yourself? Or, grab a whitepaper and a cup of coffee and solve your dataflow problems. This includes the many excellent books on particular technologies, such as TCP/IP Illustrated (a book that we’ve read cover to cover many times).
After years of looking closely at these options we realized something was missing: a comprehensive reference guide written for intelligent business people. This is a book that provides the reader enough information in a few pages to make business-level decisions. A compilation that relates security concepts and technologies based on the way they’re used in real life—not based on technological similarities or ideals. In other words, a practical guide to information security.