Hardware Based Computer Security Techniques to Defeat Hackers (Wiley) by Roger Dube, maps out solutions for hardware devices used by the Intelligence and Defense communities. Dube begins with an overview of the basic elements of computer security and then covers areas such as cryptography, bootstrap loading, and biometrics. 

   Chapter Twelve does a good job of covering “tokens,” such as a key card or photo ID. The computer security mantra, “something you have and something you know” is true with securing tokens. Issues such as cost, usability and lockout must be evaluated when considering the use of tokens as part of the user-authentication process.

   The book not only discusses the solutions but devotes a chapter at the end to explain how to implement them. A good investment for the CIO and IT Administrator. Available through Amazon for the sale price of $71.96. (retail $89.95)

  IT Compliance and Controls: Best Practices for Implementation is a timely book that takes a good look at IT internal controls and answers the question, “How much is enough?” Along with providing protection for their organizations, the CIO/CTO needs to address compliance issues identifying appropriate controls and its relationship with the global market. Author James J. DeLuccia, IV presents field-tested ideas forged from the fires of direct experience with clients who are daily hammering out their technology to become competitive business models.  

    DeLuccia lays a foundation by examining the importance of internal IT controls defining US government oversight measures. He then explains why silo IT strategy wastes time and resources, offering a better solution in having an IT enterprise control environment.

     The third section of the book covers implementation, focusing on risk analysis, technology strategy orchestration, life cycle management, access and authorization,  and other areas. Available through Amazon for an affordable $40. A very useful book for the CIO, CTO, IT auditors, audit managers, and IT managers.

 Another serious textbook, The Handbook of Information and Computer Ethics is an ambitious in-depth look at the dizzying playground where technology meets  human behavior. The book is a compilation of varying professors in philosophy and technology, offering their take on issues such as privacy and anonymity, hacking, and responsibility and risk assessment. 

The editors, Kenneth E. Himma and Herman T. Tavani, explore the relationship between the internet and one’s ability to co-exist with it ethically.  Himma especially has an interesting definition of the term “hacker” and ponders if the concept of trespassing means the same as the  term “digital intrusion.”

The chapter on responsibilities for information on the internet is challenging by questioning who truly owns it. Another chapter explores the issue of Software Development Impact Statements. (SoDIS) It is a fascinating book. For $100 (On sale at Amazon!), you can stretch your mind with all types of scenarios. A great book to pass along to your network staff.