Peter Wood, the Chief of Operations of our sponsor, First Base Technologies, has written this guide which is now available from all good bookshops!

This guide provides an overview of the ways in which identity theft can take place and the type of threats that are subsequently posed. In clear, non-technical terms it outlines the role of authentication in countering these threats, in particular in addressing the problems posed by the current use of passwords as a means of authenticating users of IT systems.

Didi Barnes, Head of R&D at our sponsor, First Base Technologies assisted Ed Wilding in writing the wireless chapter of this highly useful reference.

Information risk exposes organizations to catastrophic failure, regulatory censure, fraud, IP theft, extortion, systems sabotage... the list goes on. The current fixation with technical controls means that people are often neglected, taken for granted or demeaned and yet, the one common denominator in most incidents is employees themselves.

"Information Risk and Security" explains the complex and diverse sources of risk for any organization, and provides clear guidance and strategies to prevent these threats before they happen and to investigate them, if and when they do. Edward Wilding focuses particularly on internal IT risk, workplace crime and the preservation of evidence, because it is these areas that are generally so badly mismanaged.

There is advice on: adopting control and security measures that do not hinder business operations, but which effectively block criminal access and misuse; how to secure information - in both electronic and hard copy form; understanding and countering the techniques by which employees are subverted or entrapped into giving access to systems and processes;preventing computer fraud, IP theft and systems sabotage, and investigating and responding to these threats should they occur; responding to attempted extortion and malicious information leaks; dealing with catastrophic risk; best-practice for monitoring and securing office and wireless networks; securing evidence where computer misuse occurs and presenting this evidence in court; conducting covert operations and forensic investigations; and much more.

Tackling information risk and security is, as with all other aspects of organizational effectiveness, a matter of good management. This is an essential guide for risk and security managers, computer auditors, investigators, IT managers, line managers and non-technical experts; all those who need to understand the threat to workplace computers and information systems. The author's style mixes numerous case studies with practical, down-to-earth and easily implemented advice to help everyone with responsibility for this threat to manage it effectively.