Assessing Information Security

The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cyber security that goes beyond technology - all staff in the organisation have a role to play and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that explain what to do when under attack. With this in mind, the authors of this book have drawn on the work of Clausewitz and Sun Tzu and applied it to the understanding of information security they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict. Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best practice advice available in the latest version of ISO27001:2013.