Digital Defense: What You Should Know About Protecting Your Company's Assets

Some of the cases involve breaking the law; others involve violating contractual relations. But a significant number involve employee and contractor carelessness. In doing that, he illustrates the very reasons why companies concerned about improving physical and IT security to protect competitively sensitive data also need to develop and maintain a defensive CI process to supplement them. All three programs should, and can, work together to protect corporate information assets.

Book review by John McGonagle, in the November/December 2003 issue of Competitive Intelligence magazine, published by SCIP www.scip.org

Rating:
Summary: A "must-read" computer protection manual
Review: Knowledgeably written by Thomas J. Parenty (a computer security expert of twenty years' experience), Digital Defense: What You Should Know About Protecting Your Company's Assets is a straightforward guide to protecting business information. Parenty stresses that it is the data itself, not the computers that store it, that is the most vital consideration when developing and implementing security systems and protocols. Digital Defense goes beyond such common measures as firewalls and virus protection software, to offers a corporate security process called the "Trust Framework" which is uniquely adapted and fine-tuned for the digital world. Simply put, Digital Defense is a "must-read" computer protection manual filled from cover to cover with invaluable and applicably technical information explained in terms expressly intended for non-specialist readers concerned with the security of their company's informational assets.

Rating:
Summary: Really useful approach to a difficult problem
Review: Reading this book has broadened the way I think about solutions to security. Dispensing with technical detail and unrealistic recommendations that sometimes appear in books of this nature, Mr. Parenty gives practical and highly usable instruction to realistically implement practical electronic security in a way that can solve the complete problem. He describes a process-oriented solution to security by identifying methods to identify and maintain security-related information and then guides us through how to secure that information. This is different than the too-typical method of buying more security products, throwing them at an undefined problem, and hoping they work. Under his paradigm, security-related products become a tool to enforce corporate security policy rather than the tools creating policies themselves, which seems to be the real solution to both large and small security issues.

I think that the reader could use the ideas presented in this book in nearly any organization and have a high expectation of success, without hiring a large group of pricey consultants to make it happen.

I expect that this book will become a significant contributor to the security literature and would highly recommend it. If you are looking for a product-oriented solution to security threats though, this book won't provide the information you want.

Rating:
Summary: Really useful approach to a difficult problem
Review: Reading this book has broadened the way I think about solutions to security. Dispensing with technical detail and unrealistic recommendations that sometimes appear in books of this nature, Mr. Parenty gives practical and highly usable instruction to realistically implement practical electronic security in a way that can solve the complete problem. He describes a process-oriented solution to security by identifying methods to identify and maintain security-related information and then guides us through how to secure that information. This is different than the too-typical method of buying more security products, throwing them at an undefined problem, and hoping they work. Under his paradigm, security-related products become a tool to enforce corporate security policy rather than the tools creating policies themselves, which seems to be the real solution to both large and small security issues.

I think that the reader could use the ideas presented in this book in nearly any organization and have a high expectation of success, without hiring a large group of pricey consultants to make it happen.

I expect that this book will become a significant contributor to the security literature and would highly recommend it. If you are looking for a product-oriented solution to security threats though, this book won't provide the information you want.

Rating:
Summary: Excellent security introduction for the decision makers
Review: The biggest problem with properly implementing a security policy is not the technical one of securing digital resources, but instead the organizational problem of having the decision makers sufficiently aware of the problem to guide the implementation to succeess.

Tom Parenty gives an excellent overview of the real-world security problem, drawing from what is obviously years of experience in the trenches helping businesses and government organizatoins implement successful security strategies. A must read for all management types with digital assets to protect.