Book Review: Information Assurance
McGraw-Hill Osborne Media; mhprofessional.com. 480 pages; $60
The notion of “information assurance” is not necessarily synonymous with information security. In Information Assurance Handbook: Effective Computer Security and Risk Management Strategies, authors Corey Schou and Steven Hernandez examine the subtle differences.
Information assurance is about assuring information and managing risks related to all aspects of the data. It takes a broader approach to the topic, as opposed to just focusing on security from a policy and firewall perspective.
This book provides a look at the tools and techniques that are needed to protect data. The dense volume covers the entire range of information assurance topics, including basic principles and concepts, information assurance management systems, information assurance in system development, and acquisition and information assurance awareness, training, and education. The book also reviews various information security monitoring tools and how to use them.
Those looking for an excellent reference on the topic that is both broad and deep will find that Information Assurance Handbook fits the bill.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), PCI QSA (Qualified Security Assessor), is a principal eGRC consultant with the Nettitude Group.