
| Subject: | [CISSP-D] REVIEW: "The Secured Enterprise", Paul E. Proctor/F. Christian Byrnes |
|---|---|
| Date: | Wed, 1 Sep 2004 08:45:27 -0800 |
BKSEPYIA.RVW 20040719

"The Secured Enterprise", Paul E. Proctor/F. Christian Byrnes, 2002, 0-13-061906-X, U$34.99/C$54.99
%A Paul E. Proctor
%A F. Christian Byrnes
%C One Lake St., Upper Saddle River, NJ 07458
%D 2002
%G 0-13-061906-X
%I Prentice Hall
%O U$34.99/C$54.99 +1-201-236-7139 fax: +1-201-236-7131
%O http://www.amazon.com/exec/obidos/ASIN/013061906X/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/013061906X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/013061906X/robsladesin03-20
%P 304 p.
%T "The Secured Enterprise: Protecting Your Information Assets"

The introduction states that the book is aimed at business professionals, but that security professionals may also find it useful as a reference.

Part one is an introduction to security. So is chapter one, which extends the traditional CIA (Confidentiality, Integrity, Availability) security triad to include non-repudiation. (Most security analysts would see that function as a special case of integrity.) This muddled thinking is echoed by the muddled structure of the chapter, which touches tersely on roles and policies, and contains an extremely incomplete list of security technologies. Miscellaneous threats are mentioned in chapter two. Policies are revisited in chapter three, although the discussion is not clear in regard to high level policy formation, and more applicable to access privilege or procedures. Chapter four deals specifically with access control, but in a disorganized and incomplete fashion.

Part two deals with security technologies. Chapter five is an incomplete definition and description of firewalls (stateful and circuit proxy types are never mentioned). An incomplete description of vulnerability scanners is given in chapter six. An incomplete and very dated discussion of viruses and protection makes up chapter seven. (Various implementations of scanning are noted, but there is no reference to activity monitors or change detection.) The limited review of intrusion detection, in chapter eight, has a rather misleading explanation of sensor topology, and no clear explanation at all of engine types. Chapter nine has a simplistic outline of asymmetric cryptography and public key infrastructure (and a very odd example of the key management problem). Chapter ten has lots of verbiage about virtual private networks. A strange conflation of mobile communication and wireless LAN topics is in chapter eleven. Chapter twelve seems to both recommend and disparage single sign-on. A promotional piece for digital signature technology is in chapter thirteen.

Part three discusses implementation. Chapter fourteen outlines the setting up of a security program, but only if you know what should go into the various pieces already. Security assessment, in chapter fifteen, is limited to different types of penetration or vulnerability testing, with a ludicrously short description of risk assessment. There is a simplistic overview of incident response and business continuity planning in chapter seventeen. Random bits of Web and Internet security are listed in eighteen.

Given the scattered nature of the entire work, it is curious that part four is entitled "Odds and Ends." Miscellaneous legal issues are raised in chapter nineteen. Chapter twenty is supposed to help you with "Putting It All Together," but just contains editorial advice.

OK, is it good for non-security businesspeople? Maybe, if they really know extremely little about security, and don't need to manage the security function. They will at least obtain some familiarity with the terms that might be used, although it could be a case of a little knowledge being a dangerous thing. As for security professionals: get some decent references.

copyright Robert M. Slade, 2004 BKSEPYIA.RVW 20040719

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
I appreciate the fact that this draft was done in haste, but some of the sentences that you are sending out in the world to do your work for you are loitering in taverns or asleep beside the highway. -- Dr. Dwight Van de Vate, Professor of Philosophy, University of Tennessee at Knoxville
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade