***** Security Strategy: From Requirements to Reality. By Bill Stackpole and Eric Oksendahl. CRC Press, www.crcpress.com; 346 pages; $79.95.
Security books can often be categorized as being on one side or the other of the “great divide” between IT security and physical security management. Though this book is slightly more on the IT side, the authors of Security Strategy bridge this divide by discussing both types of issues as they relate to high-level security.
The book is divided into two sections—Strategy and Tactics. The first section should appeal to all security professionals and includes the elements of strategy, creating a strategic framework, developing strategic planning, dealing with customers, and convergence. The second part focuses more sharply on IT security and includes tactics such as defense-in-depth, observation, accountability, hacking, and outsourcing IT services.
The book offers a tremendous amount of detail, and there is much that will be beneficial to those interested in developing organizational strategy. The authors have considerable experience in IT security, and it is interesting to view the security management function from that perspective. While this is generally an IT security book, it also has value for the physical security group. There are definitely lessons here for anyone interested in learning them.
Reviewer: Glen Kitteringham, CPP, has worked in the security industry since 1990 and is president of Kitteringham Security Group Inc., where he consults with companies around the globe. He is an ASIS International senior regional vice president and serves on the ASIS Commercial Real Estate Council.