Security Innovation – Trying to Change the Game

It’s never pleasant to receive a somewhat negative book review, but such reviews often point the way to future improvements. As Theodore Roosevelt once said, “It is hard to fail, but it is worse never to have tried to succeed.”

So that’s how I felt about Robert M. Slade’s review of the book Enterprise Information Security and Privacy (Artech House, 2009), which I co-edited with Jennifer Bayuk and Dan Schutzer. You can find the review in many places on the Web, such as at

The last sentence of what I consider to be a generally fair review states “If the authors were supposed to present new ideas for security, they have failed. There is nothing wrong with any of the pieces contained in the book, but they are simply ‘more of the same.’” As coordinating editor of the book, my personal response, and not necessarily that of my co-editors or the authors, is “Guilty, with an explanation.” So here’s the explanation.

I originally came up with the concept of developing a book that would point out the myths that constantly dog information security practices and then come up with some “game-changing” ways in which to advance the state of the art of information security and privacy. Researchers in government, academia and the private sector are all looking for those breakthroughs that will “change the game” when it comes to the fight against cyber attacks. My co-editors and I canvassed the practitioners we knew, asking them to write chapters for the book, based on the premise that practitioners likely know better than researchers and vendors what works and what doesn’t. This presented our first hurdle: few practitioners have time to write. We found some very good ones who were able to contribute, but it was a hard slog.
