Security was, is, and will always be a double-edged sword.
You have to expose your systems and applications to the external world in order
to conduct business; but you want to remain in control. How does one achieve
this balance?
The best approach, it seems, is to understand information and communication
systems themselves, from a security viewpoint. Then one needs to understand the
‘soft spots’, where the systems can be exposed to intrusion and risks, within
the overall architecture and design of these systems. These areas of risk can
span the entire gamut of information systems including databases, networks,
applications, Internet-based communication, web services, mobile technologies
and people issues associated with all of them. An effective strategy to
ameliorate the risks associated with these aspects of IT systems then needs to
be developed, to provide businesses with the confidence to operate in the real
world. Furthermore, with increasingly stringent legislation, such as
Sarbanes-Oxley (SOx), imposing rigid auditing controls over
businesses – particularly through their information and communication systems –
it is vital for businesses to be fully aware of the security risks associated
with their systems, as well as the pressures from regulatory bodies, and to
develop and implement an effective strategy to handle those risks.
This book covers all of the aforementioned issues in depth. It covers all
significant aspects of security as it relates to ICT, and provides practicing
ICT security professionals with explanations of various aspects of information
systems, their corresponding security risks, and how to embark on strategic
approaches to reduce and, preferably, eliminate those risks. The coverage of
the book is vast, and relevant to immediate practice.