Information Security: A Strategic Approach
By Vincent LeVeque
Wiley- IEEE Computer Society Press
Since the 1960s, managers in both the public and private sectors have been practicing strategic planning as a method for setting objectives and achieving a desired outcome. By the 1980s, strategic planning, as practiced in the public sector, had evolved to include information and technology as well. What's been missing, according to Vincent LeVeque, is strategic planning for information security.
Information security is no longer about restricting access and keeping certain information secret. It has evolved into building electronic trust networks that benefit government and the public. "Ensuring that information security provides the maximum strategic benefit to the organization requires a further evolution, from trust architect to information steward," writes LeVeque in Information Security. Today, it's all about creating effective control mechanisms, and operating and managing them.
LeVeque starts by introducing the basic concepts of strategic planning, followed by a description of practical methods for creating an information security plan. He discusses the role of technology and management strategies and then uses case studies to illustrate how an organization can develop an information security strategy.
What follows is an examination of key enterprise planning models that correspond to different uses of information and different security strategies. LeVeque reviews information economics that link information security strategy with business strategy. He also analyzes the importance of risks in building an information security strategy. The result is a good, essentially nontechnical guide to the strategic planning of information security for CIOs and other executives.
LeVeque, a senior security engineer for a large systems integrator and consulting firm, counts local governments among his clientele.
Public Information Technology and E-Governance: Managing the Virtual State
By G. David Garson.
Published by Jones and Bartlett.
In 1985, I worked for a small association of local governments. One of the membership features was that each city and county had a designated contact -- usually the government librarian -- who was given a small keyboard device for communicating with other members. (Think of France's Minitel device, the world's first broad-based online service before the birth of the World Wide Web.)
This forerunner of e-mail allowed members to communicate in real time without a telephone. The device was quirky, definitely a novelty and used by just a handful of people. By the time I left the organization five years later, everybody was using the system to communicate with everybody else.
The use of technology in government has since exploded, and today its complexity, sophistication and universality has spawned not just a huge industry to serve and support the unique needs of public-sector IT, but also has led to everything from a media market (including this magazine) to educational courses for CIOs.
Now comes what might be the first textbook for technology and government. Public Information Technology and E-Governance provides a comprehensive overview of the political issues raised by information policy in the public sector and administrative issues that managers will likely encounter in governing the virtual state.
Authored by G. David Garson, a professor at North Carolina State University, the book blends theory with practice on everything from e-democracy, access and privacy to information planning, partnerships, project management and implementation issues. Each chapter begins on a theoretical note, then covers the main dimensions of the topic, and is followed by one or two case studies, a glossary and discussion questions.
Garson devotes only two pages to the role of the CIO and limits his overview to the federal sector, while state CIOs are mentioned in a brief paragraph covering the National Association of State Chief Information Officers. Given the book's claim to be a comprehensive tool for "managing the virtual state," it's unfortunate that the author didn't allot more discussion on what has become a critical leadership position in the function and management of government IT.
Despite this oversight, Garson is to be credited for writing the first true textbook for public administration schools covering the entire field of public-sector IT policies and management.
Information Security: A Strategic Approach