Skip to content

Book Review: Business Espionage

?This worthwhile read is presented in a refreshingly straightforward manner and is extremely readable, often using first person. Business Espionage is different in that it links the key practice of security risk management to this critical business issue in today�s global and interconnected environment. As such, it fills a disturbing gap in current writings on the subject.�

The author addresses risk management specifically within the context of both ASIS International and the realm of international standards. He highlights the importance of sources such as these as a foundation for protecting business-critical information in diverse, contemporary settings.

Author Bruce Wimmer, CPP, has a strong background in the subject matter. He served as a counterintelligence officer in the U.S. Air Force for many years, followed by extensive investigative and advisory work in the private sector around the world. He is a longtime member of ASIS and has been a frequent presenter at seminars and workshops. In addition, he has authored numerous articles on the subject and is a contributing author to several books.

Although some security professionals may take minor exception to some of the definitions and terminology discussed at the outset of the book, the author quickly moves on to present relevant and, in fact, absolutely critical points about common misunderstandings that exacerbate the threat to information assets. These include, as Wimmer puts it, the �silo syndrome,� the �James Bond syndrome,� �the ostrich syndrome,� and in some cases, an �exclusive cybersecurity focus.� These are pitfalls that warrant serious avoidance efforts by security professionals.

The book�s core offers practical and practicable information, peppered with examples and real-world case studies that reinforce key points. Throughout, Wimmer takes an integrated risk management approach to the issue, with an emphasis on vulnerabilities that can be addressed without adversely affecting the pursuit of strategic business goals. Appropriately, he warns against the temptation to over-rely on one family or type of countermeasure (such as cybersecurity) at the expense of an orchestrated strategy.

Written with a terseness that may distract some diehard academics, the book will be of definite value to business people, management teams, and students of both security and business management. It offers sound advice for leaders of any organization, but particularly those with international operations and affiliations.�

The book�s contents are general and may leave a reader wanting more information. Nonetheless, it fills an important need: to highlight the problems posed by business espionage activities and discuss countermeasures that may work to protect a business entity against a key family of risks. �

Reviewer: Kevin Peterson, CPP, is an independent consultant in security risk management and training. He is past chair of the ASIS Council on Information Assets Protection and Preemployment Screening and is a member of the ASIS Academic and Training Programs Council. With more than 35 years of experience in government, private industry, and consulting, Peterson is a contributing author to several books. He is also an adjunct faculty member in business and organizational security management at Webster University and the University of Denver University College.