***** Security Risk Management. By Evan Wheeler. Syngress, www.syngress.com; 360 pages; $49.95.
Evan Wheeler’s book, Security Risk Management, provides security and business continuity practitioners with the ability to thoroughly plan and build a solid security risk management program.
The buzzwords used throughout the corporate risk management industry today are often misused or overused. Wheeler breaks down such terms, translating them for the reader and articulating how they apply to a security risk management program. He believes risk managers should consider banning the term “best practices” from their vocabulary; he doesn’t think one size fits all when creating a security risk management program.
The author begins with an overview of information to be discussed throughout the chapter. Throughout the book, Wheeler incorporates “tips & tricks” alongside the pages to provide readers with additional information. In chapter three, “The Risk Management Lifecycle,” Wheeler discusses establishing a business impact assessment and the importance of identifying critical resources that need to be protected.
Security Risk Management stresses how important it is for various business units, in particular security, to communicate before, during, and after a crisis. The reader will come to understand that incorporating business continuity into any business plan is not a one-time activity.
Building an information security risk management program from the ground up is a monumental task that requires various business units to react and adopt change to move a business forward. This book provides valuable information for security, IT, and business continuity professionals on creating such a program.
Reviewer: Kevin A. Cassidy is vice president of business development and contingency planning for Quality Building Services in New York City. He is also an adjunct at John Jay College of Criminal Justice. He is a member of ASIS.