**** * Physical Security for IT.

 By Michael Erbschloe; published by Elsevier Digital Press, 800/545-2522 (phone),books.elsevier.com/ digitalpress (Web); 231 pages; $49.95.

Everyone asks whether the company network is safe from hackers, and IT and security departments pour lots of money and energy into making it so. A related question is often overlooked: Are your IT assets safe from physical theft and threats? Author Michael Erbschloe asks that important question in Physical Security for IT, then lays out a plan for ensuring that IT and telecommunications assets are physically protected from outsiders and disgruntled insiders.

As an author, speaker, and consultant on security issues, Erbschloe is very familiar with his subject, and he stays on message throughout the book. He takes the reader through the major steps of developing a physical protection plan for IT assets: establishing a working group, deciding what needs to be protected and to what degree, developing a protection plan, implementing and auditing that plan, creating a response team, and training staff. This is not a simplistic, connect-the-dots approach. Erbschloe emphasizes that these general steps need to be tailored to the structure, culture, and needs of each organization, a process not to be undertaken lightly.

Written in an accessible style and divided into coherent, logical sections, the book is an easy read. Multiple tables break up the smooth flow of text, and provide important information. Included in the appendices are the collected tables and checklists from the text, as well as a glossary of terms and acronyms and a list of Internet resources.

Security professionals whose duties encompass protection plans for IT and telecommunications assets should check their plans against the advice offered here. Professionals starting plans from scratch should understand that this book constitutes only the beginning of a long job, but it offers an excellent foundation.

Reviewer: Brent Campbell, CAS (Certified Antiterrorism Specialist), is security operations manager and information system security manager of Computer Science Corporation’s Federal Sector, in Falls Church, Virginia. He serves on the ASIS International Information Technology Security Council.