Book ReviewBook Review

Preventing Identity Theft in Your Business Judith M. Collins
2005, John Wiley & Sons
ISBN 0-471-69469-X

How concerned are you about identity theft? What steps are you taking to try and prevent identity theft in your organization? If this conjures visions of firewalls, demilitarized zones, hardened databases and similar technical jargon, you will find a refreshingly people-oriented perspective on identity theft in the recently published book Preventing Identity Theft in Your Business. Starting with a familiar yet oft-forgotten maxim — that computers don’t steal identities, people do — the book goes on to examine the ramifications of identity theft from various perspectives, and suggests an employee-empowered approach to safeguarding identity information and preventing identity theft. Drawing on the author’s personal experiences in dealing with identity theft in research and practice, the book proposes a people-centric process to securing identity information, titled Business Information Security Program (BISP). The emphasis of the BISP is on securing three "fronts": People, Processes and Property (e.g. web sites), starting with identifying the types and sources of identity (e.g. credit card information, bank accounts), then setting about to securing the three fronts through teamwork. Although at times a little lofty in its claims ("...identity theft stops here"), the book’s premise cannot be ignored.