For this book review, we have taken a combined approach by not only reading the book, but also conduct an interesting interview with the authors during which they gave some further context about the upcoming edition of this book.
Informatiebeveiliging onder controle (Information security under control) is up for its fifth edition (August 2023) and describes in detail all relevant aspects organizations should consider in relation to information security. The first edition was published over 20 years ago with Paul Overbeek, Marcel Spruit and Edo Roos Lindgreen as authors. The current authors have been supervising the book since the third edition. Interestingly, the increasing dynamics in the field of information security is also reflected in the timespan between the editions, which have become significantly shorter.
Although the book is published in Dutch only with the academic world as prime user group, the content is highly relevant for all interested in the field. In our view, the holistic approach towards the topic is the key differentiator with comparable literature.
The authors explained that the central theme of the fifth edition will remain the guiding principles of data security, the governance of data security and the key security measures, organizations need to take into account. However, when comparing this edition with previous editions, the authors have put more focus on legal aspects, with recent developments such as the GDPR (General Data Protection Regulation) and Wbni (Dutch Network and Information Systems Security Act). Furthermore, the book will explore all five steps of the NIST framework, including “identify” and “recover”, which receive usually less attention in practice. The previous editions mainly focused on “preventive” measures, that are often specific in nature. Based on the view that not all cyber risks can be prevented, the book increasingly focuses on the detection of cyber incidents and the responsive actions required.
In terms of structure, the fifth edition is comparable with the older editions and therefore also reads like a reference book with a significant number of definitions, frameworks and guidelines. To be honest, this does not make it an easy read. According to the authors, this is on purpose as they are still of the opinion that in The Netherlands a good comprehensive, but detailed summary of all relevant aspects of information security is lacking. This is also the reason why this book is still high on the priority list of many universities, allowing teachers to give their own context to the facts of this book.
Considering the fact that you can use this as a reference book and select items of personal interest, we recommend this book to everyone (both working in IT and business functions) who is interested in the information security and wants to have a good understanding of the key concepts of this field. The fifth edition also contains more references to other literature, inviting the reader to gain broad insight into this interesting domain.
Coming from the world of academics, consultancy and business, the three authors offer broad know-how and experience. We expect that relevant use cases from the field will be brought into an academic setting in the sixth edition. Hopefully, they will live up to that expectation.
Van Houten, P., Spruit, M. & Wolters, K. (2023). Informatiebeveiliging onder controle: Grondslagen, management, organisatie en techniek van cybersecurity (5th ed.). Pearson. ISBN 9789043041300.