Preface

The purpose of this book is to provide information systems security officers—today often called cyber security officers, professors, students, other security professionals, information warfare specialists, related managers, auditors, and general management an awareness and basic approach to establishing and managing what had been known as an information systems protection program, but is now commonly called a “cyber security” program, for a government agency or international or national corporation. It can also be used by any group wanting to protect its networks and information. It reportedly has been, and can always be, used as a textbook by university professors to teach a basic course on this and related topics, as well as recommended reading for related courses.
It provides, I hope, an easy-to-read, understandable implementation plan for establishing a basis—a foundation—for a cyber security program, especially for those who have little or no knowledge on the topic or how to proceed. It also provides information that can be used by intermediate and advanced professionals, students, and other types of professionals in this and related topics of business security and information warfare, for example, defensive measures.
There are many books on the market related to computer security, information systems protection, cyber security, and the like; however, this is one of the first and best approaching the topic in the manner that it does and is now considered a “classic” since first published in 1998. If not, there wouldn’t have been a second and now a third edition.
This book has been updated where deemed appropriate and new chapters have been added, with little or no major change in format, as why mess with a well-selling, popular “classic”?
Just so there is no misunderstanding, this a basic book on building a cyber security program and a primer on being a cyber security officer. There is much in this edition that is as true today as it was in the first edition back in 1998. Therefore, the basics of it all are still the same, with new stuff added to keep this “classic” up to date.
This third edition, as with the past two editions, will provide the reader with the information to help meet the twenty-first century cyber security and related management challenges.
Key words, as a minimum, that the reader should know are:
1. Security
2. Cyber security
3. Cyber security officer
4. Computer security
5. Information systems security
6. Information warfare
7. Auditing
8. Managing assets protection
9. Managing information systems organization
10. Managing computer security organization
11. Assets security
12. Audit trails
13. Information protection
14. Privacy
15. Malware
16. Hacker
17. Phishing
As with any book, sometimes the readers are critical. That’s fine. Variety is the spice of life, as they say, and everyone is entitled to their own opinion. If one can sit down and discuss cyber security and cyber security officers’ responsibilities with the critics it would be great to share information. After all, they may have important points that could be considered when updating the book. However, that is usually not possible.
So, with all that said, let me state for the record what this book is not:
• It is not a book that is the “end all and be all” of a cyber security officer’s functions, duties, and responsibilities. The rapid changes in cyber environments, high technology, etc., make such a book impossible to remain current.
    Note: In this environment, beware of anyone considering themselves “experts.” I, for one, confess I have never considered myself one (although working in the field since 1980) and correct anyone who introduces me as such. Nor will I ever consider myself to be one. Too much to know and all rapidly changing.
• It is not a technical book and does not purport to be—it will not tell you how to install a firewall, for example. The rationale is that there are many good books on the market that cover specific aspects of cyber security, narrowly focused and technical. It is expected that the cyber security officer will read and understand these books as needed based on specific cyber security needs.
In short, this book’s goal is to provide a basic overview of the cyber security officer’s world, duties, responsibilities, and challenges in the twenty-first century. It is a primer. It is also about the cyber security officer who must establish and manage a cyber security program for an international corporation, although all of the material is applicable to various work environments, such as government agencies or charitable organizations.
This is the third edition of this book and has been updated where appropriate, and where the baseline still fits the current environment, it has only been “tweaked,” as what has been provided from the beginning is still valid today. This is primarily relevant to Section II, which is the heart of the book, and the establishment and management of a cyber security (formerly known as InfoSec) program. What was written in the first and second edition is still valid in this third edition. Therefore, it has been modified, but the basics of what is covered have not changed. What has changed is the environment of the world of the cyber security officer. Therefore, that was the focus of the changes in this third edition.
It was written because over the years many associates and I had to establish and manage such organizations and found no primer to guide us. So, over the many years that I have been involved in various aspects of security, eventually focusing on cyber security—and its related functions since about 1980—I think I have developed a basic approach that has been successful. Others who have read this book, who have listened to my lectures based on what became this book, and whom I have mentored over the years have agreed with me. It also successfully worked for me when I had to establish a basic program for a corporation or government agency, from aerospace to Wall Street to the Pentagon, as well as being a consultant.
So, if you are a cyber security “techie,” “engineer,” or the like and looking for the Holy Grail of information assets protection or cyber security, that is not what this book is about. However, if you want a cyber security officer career, want to know what the cyber security officer’s profession is all about—especially from a management perspective—and want to be able to build a foundation for a successful cyber security program and organization, then yes, this book is for you.
This book was also written for non-cyber security professionals in management positions who are responsible overall for a government agency or business and therefore its assets protection–cyber security program. These professionals should also know what the cyber security profession is all about and the basics of information-related computers and networks processing, transmitting, and storing information, data, knowledge, or whatever term suits them. Why? Because they manage a business, and today a successful business must include a cyber security program if it is to avoid disasters, since technology, for example, networked computers, is an integral part of a business these days.
This book can also be used as a textbook or “recommended reading” for university courses related to general security, assets protection, cyber security, information systems security, or information warfare (although my coauthored book on Global Information Warfare, first and second editions, may better serve the reader’s purpose).
I hope you enjoy it. After reading it, please drop me an e-mail through my publisher and let me know:
• Any questions you may have;
• What you liked about it;
• More importantly, what you didn’t like;
• Why you liked or disliked it;
• What ideas presented were most important to you;
• Your implementation of some of the ideas presented, and your result; and
• What I should include or cover differently in a fourth edition.
After all, I want you to be able to use this book in the real world of global information sharing, cyber warfare, and cyber security battles. All feedback is welcome.
Thanks!
Jerry
Dr. Gerald L. Kovacich, ShockwaveWriter
Whidbey Island, Washington, USA
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.216.95.197