A good little black book
The Little Black Book of Computer Security
Security Strategies Alert
By M. E. Kabay, Network World, 10/04/2005
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
As Malcolm X once pointed out, Western society is so thoroughly permeated with racism that “black” is almost always a negative
word. We speak of a “blacklist” and a “black mark”; most pinko-gray people (E.M. Forster’s preferred description of “white”
folks) think that there’s nothing peculiar about “denigrating” or “blackening” someone’s reputation. Security books with “black”
in the title have usually been focused on criminal hacking or virus writing.
I’ve had a decade-long argument with Mark Ludwig, for example, about his habit of publishing books that provide full details
of virus code (e.g., _The Little Black Book of Computer Viruses_ and _The Giant Black Book of Computer Viruses_).
On the other hand, “black book” can also be used in a positive sense; one dictionary defines it as a book full of telephone
numbers. By extension, “black book” has come to mean a concise technical manual that can be carried about easily - what was
once called a “vade mecum” (Latin for “come with me”).
I recently received a review copy of a useful security “vade mecum” called _The Little Black Book of Computer Security_ by Joel Dubin, CISSP.
In 150 pages, Dubin presents a neat package of valuable reminders about significant security best practices and security assessment
questions. The jacket bio says that the author “works as an independent computer-security consultant who is based out of Chicago.
He has received multiple certifications from Sun Microsystems in the Java programming language as well as MBA and BA degrees
from Northwestern University.”
This little book is ideal for widespread distribution to employees throughout an organization as part of a security-awareness
campaign. The 7-inch-by-4.5-inch book is just the right size to slip into a pocket, purse, or computer bag. It has 19 chapters
and five appendices with topics such as:
* Assessing Your System
* Writing Your Security Policy
* Taking Care of Physical Security
* Managing Human Resources
* Putting Software Access Controls in Place
And so on.
Flipping pretty much at random into the book to pick an example, I opened it at Chapter 9, “Protecting your system against
viruses, Trojans, and worms.” Dubin starts with a concise definition of malware, provides a simple and clear table distinguishing
among viruses, Trojans and worms, and summarizes the main sources of infection with a paragraph each.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
Comments (1)
The Unspoken (What The World Dont Talk About)
By ont on December 22, 2008, 10:00 am
By John L. Brown "This is a small book, but powerful. The book is about how I, as a Vietnam vet, see the world of the ghetto. What I see happening to good people...