One of the areas of computing which have been neglected by book writers is security managment. However, there are a trickle of books over the last five years which address this very important issue. Security risk analysis is one which lies at the heart of security managment and Peltier is one of the first to try and write something coherent. Before the criticism it is worth saying that this book is moderately well written and technically correct. However, it is rather bloated: I could have written the book in fifty pages. For example there is a glossary which I see no need for which contains entries such as the definition of thunder as 'The sound produced by a stroke of lightning as it repidly (sic) heats the air surrounding the bolt' It is also a little muddled at times dealing with more than just security. In the end I resented paying forty odd pounds for a book whose essence could be summed up in fifty pages. I would have given three stars (just) if the price was below twenty pounds.