For younger readers, the expression “over the transom” may not mean much. A transom is (or was) a window placed above a door to improve ventilation; these devices are common in old office or campus buildings that predate widespread installation of built-in air conditioning.
For people in the literary world, a book is described as over-the-transom when it arrives for review from its publisher or author without warning. I receive about a dozen over-the-transom books per year because I write this column, but I review only a few of them because other writers, notably the distinguished security specialist Robert Slade, make a practice of reviewing many security books and do a fine job.
Also, I have a peculiar attitude towards reviewing books that disqualifies me as a _bona fide_ reviewer: I dislike publishing negative reviews. On those occasions where I have not liked a book, I have sent my review to the author in the form of suggestions for the next edition but declined to publish it. On the other hand, I do occasionally like to point out especially good texts that can be useful to readers and to fellow teachers. Today's topic is one such book: _Managing Cybersecurity Resources: A Cost-Benefit Analysis_ by Lawrence A. Gordon & Martin P. Loeb.
According to the book jacket, Gordon “is the Ernst & Young alumni Professor of Managerial Accounting and Information Assurance at the University of Maryland's Smith School of Business. Gordon is one of the world's leading experts and frequent speakers on the subject of cybersecurity economics, capital investments, cost management systems, and performance measures.”
Gordon has a rich Web site with many valuable pointers for readers of this column. Loeb is “a professor of accounting and information assurance” at the same institution and is “also an affiliate professor at the University of Maryland Institute for Advanced Computer Studies [as is Prof Gordon]. Loeb’s research on information security economics, mechanism design, and incentive regulation is internationally recognized and has been published in leading academic journals in economics, computer science, and accounting.” His Web site also has a wide range of valuable information.
The text has the following structure:
1. Introduction
2. A Cost-Benefit Framework for Cybersecurity
3. The Costs and Benefits Related to Cybersecurity Breaches
4. The Right Amount to Spend on Cybersecurity
5. Risk Management and Cybersecurity
6. The Business Case for Cybersecurity
7. Cybersecurity Auditing
8. Cybersecurity's Role in National Security
9. Concluding Comments
Glossary
Acronyms
References
Selected Annotated Bibliography
Index
In my next three columns, I will discuss some of the fundamental issues covered by professors Gordon and Loeb in their text.