Book review – Information Security Management Principles (2nd Revised edition), book by David Alexander, ISBN-10: 1780171757

As with the last review, this book is the set book for a certification, in this case the BCS Information Security Management Principles Foundation Certificate, which is a prerequisite for any of the BCS assessed CCP certifications. This review is for the book, not the certification; however, if you read the book and have a modicum of common sense you should be able to pass the exam without investing in any courses – it’s not rocket science.

The book is considerably better value for money than the ITIL Practitioner one: it is 60 pages longer, costs £36.21 less and is, in my opinion, a far better text book. The breakdown of the topics is logical, walking the reader through the process of developing an Information Security Management System. One interesting point is that, as a geek, I am focused on the cyber element; however, there is a great deal of coverage of the physical aspects of information security, including clear desk policies, food for thought on the topic of uncontrolled printing and, my favourite, USB memory sticks, amongst many others.

There are quite a number of real world examples and anecdotes, and these enhance the reading by breaking up the dry subject and giving pause for thought – my favourite being that one of the authors lost more than one data centre to terrorist action in 10 years.

It must be remembered that this certification is at the foundation level, so it goes into general concepts, not specifics. The same is the case with this book: you will not be an expert in the topic by any means once you have read it, but you will have something to ground you when you start to study topics such as the ISO27000 family of standards.

One area where the book could be improved is the sample questions: there are only 29, and as this book is a set book I believe there should be more in order to better prepare the student. Perhaps this will be addressed with the next revision, which must be due, as there are a lot of references to the Data Protection Act 1998, which implemented the EU Data Protection Directive 1995, which, as we all know, will be replaced by the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which comes into force on 25th May 2018.

Marks out of 5 – in this case 4, as, though it will be sufficient to pass the exam, a revision is required to keep pace with the regulation changes and maybe add more sample questions. As before, there is not much point in saying whether or not I would recommend it – it is the set book for the certification.