Musings

Book Reviews

Here we are gathering book reviews on information and network security, management, and leadership.

Book Review: The New School of Information Security, by Adam Shostack and Andrew Stewart - October 31st, 2008
Book Review: Crimeware, by Jakobsson and Ramzan - July 12th, 2008
Book Review: Dreams from My Father, by Barack Obama - February 4th, 2008
Book Review: LAN Switch Security:What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen - January 11th, 2008
Book Review: Made to Stick: Why Some Ideas Survive and Others Die, by Chip Heath and Dan Heath - January 2nd, 2008
Book Review: Geekonomics, by David Rice - December 27th, 2007
Book Review: End-to-End Network Security, by Omar Santos - December 6th, 2007
Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone - November 27th, 2007
Book Review: Linksys WRT54G Ultimate Hacking, by Paul Asadoorian and Larry Pesce; Raul Siles Technical Editor - October 31st, 2007
Book Review: The Black Swan: The Impact of the HIGHLY IMPROBABLE, by Nassim Nicholas Taleb - October 27th, 2007
The Best Security Books to have in your library - October 25th, 2007
Book Review: The Age of Speed, by Vince Poscente - October 2nd, 2007
Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz - August 21st, 2007
Book Review: Seduced by Success by Robert J. Herbold - June 26th, 2007
Book Review: Selling Blue Elephants, by Moskowitz and Gofman - June 25th, 2007
Book Review of Snow Crash leads to Second Life - April 18th, 2007
Book Review: Miracle in the Andes, by Nando Parrado and Vince Rause - February 20th, 2007
Book Review - Information Security Law: Control of Digital Assets - February 19th, 2007
Book Review - Cisco Network Admission Control - January 1st, 2007
Book Review: The Art of Software Security Assessment - December 19th, 2006

Book Review - Information Security Law: Control of Digital Assets

February 19th, 2007
By Stephen Northcutt



Information Security Law: Control of Digital Assets, by Mark G. Milone. 2006, Law Journal Press[1]

I am not a lawyer, but I spend a lot of money on lawyers on information security and intellectual property issues. This is the longest book on computer security law I have ever read. And the publisher is a bit put out at me with the time it took to do the review, but I will not write a review until I can finish the book. This is a book for lawyers. You have probably seen these types of books, they come in a binder and you can purchase updates as new case law becomes available. There is commentary across the top of a page and the majority of the page is heavily researched footnotes. This review is really focused on the top of the page material; since I am a lay person the footnotes were not very useful for me.

The author Mark Milone is a subject matter expert, but his writing on the top of the page is very approachable. As a lay person I was able to follow along. The chapters are titled:
"Information Security", "Corporate Governance", "Policies and Procedures", "Consumer Data Privacy", "Financial Data Privacy", "Credit Data Privacy", "Government Data Privacy", "Computer Crime", "Electronic Surveillance", "Intellectual Property" and "Regulation", so this really is the definitive book on information security law. My favorite chapter was "Intellectual Property" as it is an area I am interested in based on the work I do. I thought I knew more than a little bit, but I learned tons. My least favorite chapter was" Regulation"; it seems to be a list of government and quasi government organizations.

Who would really benefit from this book? Lawyers must be the primary audience, but one of the most important things I have learned in business is that while all lawyers charge a lot per hour, many of them are not subject matter experts in topics such as privacy and intellectual property. Having a well written, accurate, up-to-date book like this at hand helps you prepare the right questions to ask corporate or hired counsel. I have used the books by another lawyer, Benjamin Wright, in just such a way and I plan to start using this book as well. It must have been a huge effort to create this book and every organization in the USA or that has significant dealings with the USA should probably have a copy on the shelves. Highly recommended, worth taking the time to read!

1. http://www.lawcatalog.com/product_detail.cfm?productID=7070