Book Review: Secure—Insights From the People Who Keep Information Safe

Book Review: Secure—Insights From the People Who Keep Information Safe
Author: Mary Lou Heastings | Reviewed by A. Krista Kivisild, CISA, CA
Date Published: 1 January 2015

Secure: Insights From the People Who Keep Information SafeThere is always a new information security issue to focus on, another area of key concern relating to IT security, data security or business continuity planning that security professionals need to be aware of to keep on top of the relevant risk. But how can security professionals determine the relevant risk to their industry? At a time when changes in technology continue to accelerate, how can anyone decide what should be the information security areas of concern to their company and the places where they should focus their team’s work in the future?

Secure: Insights From the People Who Keep Information Safe is a collection of works from senior IT leaders in various industries providing what they feel are the biggest security concerns right now and for the future. In this quick, compact read, readers can gather understanding from those in the know and can consider if these experts’ ideas about leadership competencies needed in the future, design security or application delivery networks are applicable to their enterprise/industry. Everyone from technical practitioners to those just beginning their IS audit, security, risk or governance careers can find value in this general management book as it keeps readers aware of the latest risk concerns.

The book’s primary strength is its ability to provide the reader with valuable information on upcoming information security and technology issues, which are highlighted by the opinions of 10 IT information security leaders. The writings of each leader are engaging and succinct. As a result, readers can quickly get through a chapter and gather the information they need on a bus or train ride or between meetings. This book is ideal for anyone who does not have time to read a full book on the subject, but wants to be aware from where the next risk to IT is coming. Additionally, background on each leader and his/her company is provided, so the reader can determine if the author’s industry shares the same risk factors/concerns.

The world of information security is constantly changing. The number of Internet users has grown exponentially, smartphone and mobile use is exploding, and social media web sites are used more and more to do business. Those at all levels within IS audit, risk, security and governance struggle to stay abreast of these changes and keep aware of what the real concerns are to know where to focus their efforts. While the risk is also exploding, IS professionals need to focus on the right risk: those that are growing, those that are relevant and those that are of a bigger concern.

Despite the rapidly changing nature of security and risk, this book will remain relevant for years. The majority of the leaders in this book focus on entity-level and governance risk; as a result, the insights provided in this book are at a high enough level that they will remain relevant for years to come. This book is perfect for today’s IS professional who needs to learn a lot of information, but does not have much time to do so.

Reviewed by A. Krista Kivisild, CISA, CA, who has had a diverse career in audit while working in government, private companies and public organizations. Kivisild has experience in IT audit, governance, compliance/regulatory auditing, value-for-money auditing and operational auditing. She has served as a volunteer instructor, training not-for-profit boards on board governance concepts; has worked with the Alberta (Canada) Government Board Development Program; and has served as the membership director and CISA director for the ISACA Winnipeg (Manitoba, Canada) Chapter.