Old 04-28-2011, 01:34 AM
Rob Slade, doting grandpa of Ryan and Trevor
REVIEW: "Enterprise Information Security and Privacy", C. Warren Axelrod/Jennifer L. Bayuk, Daniel Schutzer

BKEISCPR.RVW 20101023

"Enterprise Information Security and Privacy", C. Warren
Axelrod/Jennifer L. Bayuk,Daniel Schutzer, 2009, 978-1-59693-190-9,
U$99.00
%E C. Warren Axelrod Warren.Axelrod@usccu.us
%E Jennifer L. Bayuk www.bayuk.com
%E Daniel Schutzer Dan.Schutzer@fstc.org
%C 685 Canton St., Norwood, MA 02062
%D 2009
%G 978-1-59693-190-9 1-59693-190-6
%I Artech House/Horizon
%O U$99.00 800-225-9977 fax: +1-617-769-6334 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 231 p.
%T "Enterprise Information Security and Privacy"

The authors of this collection of papers were told to examine and
challenge current and traditional approaches to information security
and suggest alternatives overcoming noted deficiencies.

Part one looks at history and trends. Chapter one traces privacy
attitudes and legislation in the United States over the past century,
and suggests that privacy and information security are related. Data
protection should be supported by a defined, multi-factor, holistic
security system, says chapter two. (As the editorial comment notes,
this is hardly surprising news to security professionals.) Security
faces pressure from operational concerns, and chapter three states
that security departments that help the business rather than hindering
(in other words, planning security properly) are more likely to
succeed. Chapter four notes that information classification based
solely upon confidentiality concerns is limited, but the suggested
structure still relates only to that aspect. The article singularly
fails to examine any possible form of multilateral classification
scheme, incorporating integrity and availability issues. Chapter five
delves into human factors, which are vitally important to security,
but limits the discussion to privacy, which is already pretty human.

That piece finishes off with some examination of risk, although it
doesn't say much about human factors in risk, but I suppose makes a
nice lead-in to the fact that part two is concerned with risk. Donn
Parker makes his usual contrarian argument against risk-based security
in chapter six. The author of chapter seven notes this objection, but
claims that it is only applicable if you fail to account for all the
proper factors (totally missing Parker's point that you can never know
all the factors). A hodge-podge of legal topics goes into chapter
eight, but the emphasis (if there is any) seems to be on new
"compliance" standards such as the Payment Card Industry Data Security
Standard (PCI-DSS or just PCI). Chapter nine takes a brief and
focussed look at the most important changes in the telecommunications
arena.

Part three turns to specific industries: finance, energy,
transportation, and academia. Chapter ten lists US financial
regulations, and then offers vague suggestions of new regulations. A
number of questions about the security of energy providers or
infrastructure are raised in chapter eleven, but there are few
answers. In terms of transport, chapter twelve mentions SCADA
(Supervisory Control And Data Acquisition) systems and alarm sensors.
Chapter thirteen doesn't really appear to examine academia: the "case
studies" may be formal, but are really just reports of malware similar
to those in the general user population.

If the authors were supposed to present new ideas for security, they
have failed. There is nothing wrong with any of the pieces contained
in the book, but they are simply "more of the same."

copyright, Robert M. Slade 2011 BKEISCPR.RVW 20101023

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"Dictionary of Information Security," Syngress 1597491152
http://blogs.securiteam.com/index.ph...ves/author/p1/
http://twitter.com/rslade
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com

