Auditing and Security. AS/400, NT, Unix, Networks, and Disaster Recovery Plans

Managerial Auditing Journal

ISSN: 0268-6902

Article publication date: 1 July 2002


Citation

Vinten, G. (2002), "Auditing and Security. AS/400, NT, Unix, Networks, and Disaster Recovery Plans", Managerial Auditing Journal, Vol. 17 No. 5, pp. 289-290. https://doi.org/10.1108/maj.2002.17.5.289.1

Publisher: Emerald Group Publishing Limited

Copyright © 2002, MCB UP Limited


Companies worldwide are losing billions a year due to IT security breaches. This has reached epidemic proportions, and there are doom and gloom forecasts that this may spell the end of the cybernet as we have come to know it. Cybercrime is perhaps the most insidious global menace, and world terrorism has not been slow to capitalise on this. Any book which can assist in combating such a commerce‐threatening menace is to be warmly welcomed. We are fortunate that this is the book.

When I first received it in 2001, I immediately realised its potential. But since I am an academic, who has not practiced in this area for many years, I asked neighbour and friend Colin Day, an IT expert in the City of London, to check it out. He, in turn, shared it with the head of IT and staff at a major City institution. There was common confirmation that this is a superb text, which offers all that could be hoped for. So there is united practitioner and academic opinion on this issue. The only drawback of my consultation exercise was that the IT specialists liked the book so much that it was difficult to get it back so that I could complete my review.

Within are the tools that involved professionals need to ensure that a company’s platforms and networks are adequately protected. To achieve success, knowledge is demanded across a wide range of disciplines beyond computer science, including management science, information security, accounting, finance, business, and human resources. This book traverses these divergent fields such that auditors, IT managers, controllers, and corporate information officers are able to measure the security of their systems. This comprehensive and incisive volume covers the full range of issues relating to security audits – hardware, operating systems, network connections, the cooperation of logical and physical security measures, and disaster recovery planning. The journey takes the reader from the mainframe to the individual PC – as well as the networks that connect them to each other and to the global marketplace.

Mr Musaji starts with a consideration of what he calls information security through dynamic culture, and dynamic culture transformation. It is instructive that he begins with matters of culture, organisational behaviour, leadership, management, traits and attributes. He then turns to a bird’s eye view of the structure of information systems and their security requirements, and then demonstrates how physical and logical security systems work and complement each other to create a safe corporate information structure. A full exposition of the different structures and security needs of AS/400, Microsoft NT, and Unix provides an insight into security requirements regardless of which computer architecture is in use. Invaluable checklists and diagrams and the practical approach facilitate understanding hardware, operating systems, and the networks that enable the interconnection of platforms and applications. Disaster recovery planning is covered, given the ever‐present risk that a company may fall prey to a more cataclysmic fate.

This is an excellent Canadian contribution which is thoroughgoing, and treats a subject which will never go away, and which is a constant in operating any organisation – commercial, public, or not‐for‐profit. There is additionally a supporting Website available to purchasers, which contains PowerPoint presentations on a proposal for investment in a disaster recovery plan, and another on a firewall selection guide.

Yusufali F. Musaji is the AVP of System Development at TD Waterhouse and also the Founder, Director, and President of Ali’s Y. Consulting, Inc, an IT and financial consulting firm specializing in computer consulting. Mr Musaji’s experience embraces the full spectrum of financial, operational, and IT disciplines required of state‐of‐the‐art organizations. His functional and technical areas of expertise include system development and implementation, project management, computer security, and financial systems. He is widely published in IT, financial, and security journals regarding IT/user relationships, and has also developed numerous business continuity plans. He holds a Bachelor of Computer Science from York University, Toronto, Canada, CGA, CISA, and CISSP.
