Information Risk and Security: Preventing and investigating workplace computer crime.
By Edward Wilding.
Published by Gower.
The ‘threat from within’ is a sociological concept with which politicians, and now increasingly employers, are becoming all too familiar. Even so, the author of Information Risk and Security perhaps labours the point a little when he recounts, in the introduction, the received wisdom that your nearest and dearest are in fact those “most likely to stab you to death, beat you unconscious, or otherwise cause you grievous injury.”
Applying this credo to the world of security, Edward Wilding, a renowned expert in computer forensics, explores, often in excruciating detail, the degree of risk that employees pose to their employer. From IT fraud, espionage, extortion and wireless interception to press leaks, anonymous letters and pornography, Wilding is unrelenting in his determination to catalogue every potential workplace crime and transgression.
For a book that claims not to serve as an “encyclopaedic resource”, it does a very credible job of looking and sounding like one. Although its analysis will be too microscopic in places for some readers, it builds a convincing body of proof of how the greatest security threat that businesses face today lives overwhelmingly within the firewall.
Among Wilding’s most sobering observations early on is that, despite their horrific human cost, “no major company located in either of the Twin Towers went out of business as a result of the terrorist attacks.” By contrast, less spectacular crimes, such as the exposure or theft of intellectual property, have bankrupted major organisations within less than a year.
Despite such evidence – and the prospect of incarceration under powerful legislation such as the Sarbanes-Oxley Act – business leaders are still fixated on perimeter security. Indeed, Wilding concludes that, on the whole, businesses have an entirely flawed and often prejudicial conception of the origins, nature and location of security threats, the risk of which is compounded by a culture of presumption, fear of confrontation or ridicule, and wilful ignorance.
While a little pious in some places, and thoroughly paranoia-inducing in others, this book offers a highly valuable exploration of the reasons why businesses continue to suffer damaging security breaches, and the ways in which these can be prevented. If, however, the book’s thesis of ignorance is true, not enough people in the business world will be inclined to read it.