Information security is different from many other disciplines, both within mainstream information technology and in other business areas. There are now many good books on individual areas, but acquiring breadth of knowledge across the many subareas is still difficult, and that breadth is essential to success.
Unlike so many functions of IT, security is an area that requires practitioners to operate across the whole organization. A chief information security officer (CISO) or a security manager is likely to be asked for advice on many aspects of security in situations where there is no alternative but to give some sort of counsel. Sometimes your best guess is the best counsel available. So the sensible security officer strives to have a good foundation in most areas; unfortunately, however, many don’t, and rely not on knowledge (either formal or self-taught) but on an authoritative tone, tactical Google searches, or the various mantras about “security policy.” Those experts who know everything about everything, but whose advice needs to be reversed 50 percent of the time, often cost companies hundreds of thousands of pounds in project delays and even fines.
This book can’t possibly prepare you for everything you are likely to come across. And in its defense, no other single volume can either, but this book is designed to be a rather good start for that preparation.
This book is designed to cover both the basic concepts of security (i.e., the nontechnical principles and practices) and basic information about the technical details of many of the products—real products, not just theory.
Throughout the book, I have tried to explain “why we do things the way we do.” I don’t know this because I’m very clever; let’s say I know this because I’m slightly older than you and was in on the ground floor while people were still trying to work things out.