Information Security: Strategies for Successful Management.

• Author: Dowdall, R.K.

Reviewed by R. K. (Keith) Dowdall, director of corporate finance, City of Winnipeg, and member of the GFOA's Task Force on Technology.

In recent times, most senior financial officials have been deluged with changes and new approaches on a wide variety of issues, specifically in the technology that supports their organizations. Because of increasing time demands, these days one has to carefully decide how much time to devote to which topics for increasing one's knowledge and understanding.

When I first picked up Jim Gaston's Information Security, I thought I would give it a very cursory scan. After all, many would say governments are generally not in a competitive environment, and many of our major information systems are internal to the organization with little exposure from external risks. After reading it, however, two things became clear. First, the time and effort to read this book are well worth the investment. Second, in governments as well as the private sector, the implementation of technology to connect to external organizations has increasingly become a critical success factor in achieving an organization's goals. This is due in the main to advances in computer interconnectivity - using enhanced technology and the Internet - which now, more than ever before, critically relies on effective information systems. Over the next number of years, this dependency will increase dramatically as more and more organizations take advantage of electronic commerce and communication technology. As a result, our assets have become more at risk, sensitive data are subject to inappropriate disclosure, and vital operations are vulnerable to disruption.

This book provides a guide for senior executives to increase their awareness of information security issues and information they can use to establish a management framework for effective security programs to take advantage of emerging technology. It is designed so that it can be read from cover to cover to improve one's understanding of all the issues or, alternatively, can be used as a reliable reference book on the principles of information security. For each principle, "strategies for success" are developed and highlighted...