Preface
Writing this book has been a wonderful experience for me and was not something
I ever anticipated. After writing a chapter on security assessment methodology for
the Information Security Management Handbook a few years ago, I was asked if I
would be interested in writing a comprehensive book on the same topic. The task
presented a very exciting opportunity and, as I finished the book, the experience has
been both challenging and rewarding.
As the information security field becomes more prominent, with more companies
paying increased attention, it is important to be able to properly address security
concerns and develop cost-effective security solutions. A security assessment is a
key component of any information security program and is something that helps
companies proactively address security, prioritize security initiatives, and develop
solutions commensurate with risk. This book emphasizes that information security
is not a technology but, instead, a process that should be incorporated into a
company’s operations. In fact, this book is technology-neutral and is more focused on
security processes and the methodology for conducting security assessments.
For many companies, a comprehensive security assessment is the first step in
building an information security program. The assessment provides a roadmap to a
more secure company. Using a structured methodology, which appropriately considers
both the business and supporting technology together and incorporates effective
methods for gathering and analyzing information, is important for conducting quality
security assessments.
For people newly entering the information security field, this book will hopefully
provide a structured methodology and other useful content to help in conducting
security assessments. The expectation is that this book establishes some structure
around security assessment methodology that will help you conduct assessments
using a standard yet flexible approach. The questionnaires in the Appendix can be
customized and used in conjunction with security assessments.
This book was possible because I was fortunate to work with good people
throughout my career. I have learned an invaluable amount from colleagues,
particularly over the last few years, as I delved deeper into information security.
I would like to thank my friends and family for their support and words of
encouragement, all of which made this process much easier. I would also like to
thank the people at Auerbach Publications, including the editors and those involved
in producing the final product. And my thanks go to Rich O’Hanley for providing
this opportunity and being supportive and flexible as I tried to balance work and
family demands while writing this book.
For readers of this book, I hope you find the content useful as you conduct security
assessments. I would appreciate any feedback about where improvements can be made
and how this methodology works for you, whether you use it or have incorporated
elements into your existing methodology. You can reach me at [email protected].
AU1706_book.fm Page vii Tuesday, August 17, 2004 11:02 AM