
| Subject: | [CISSP-D] REVIEW: "Disaster Proofing Information Systems", Robert W. Buchanan |
|---|---|
| Date: | Mon, 3 Jan 2005 13:39:47 -0800 |

BKDPINSY.RVW 20041106

"Disaster Proofing Information Systems", Robert W. Buchanan, 2003, 0-07-140922-X, U$49.95/C$78.95/UK#36.99
%A Robert W. Buchanan
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2003
%G 0-07-140922-X
%I McGraw-Hill Ryerson/Osborne
%O U$49.95/C$78.95/UK#36.99 905-430-5000 fax: 905-430-5020
%O http://www.amazon.com/exec/obidos/ASIN/007140922X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/007140922X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/007140922X/robsladesin03-20
%P 268 p.
%T "Disaster Proofing Information Systems"

Buchanan proposes that we avoid disaster by building systems that have redundancies and are resistant to failure. In theory, this is an excellent idea. But he also implies that you can do this without any extra work or expense. Beware of people who tell you they can spin gold out of straw.

Part one outlines the SHARED (somehow derived from "systems providing high availability through end-to-end resource distribution") methodology. Chapter one is a promotional piece for SHARED, featuring scattered examples, a disjointed structure, and verbiage that appears to be a rationale for the use of the system, but only if you don't examine it closely. This scattered and random approach is extended in chapter two, where the discussion of risk management confuses the qualitative and quantitative methods, and suggests that an alternative means of communications is a phone tree--if the phones are out. A lot of activity is suggested, most of it in the form of taking inventories, but the explanations of *how* to decide what goes on the various forms are very poor. The standard parts of a disaster recovery plan, such as hot sites, cold sites, and (in a rather idiosyncratic use of the term "co-location") multiple processing bureaus, are listed in chapter three. Chapter four pulls data out of thin air to fill in the forms for an "example" study.

Part two talks about implementing SHARED. Chapter five discusses access devices, which seems to mean replacing your desktop computers with handhelds. Products for implementing the different types of redundancy with different platforms are listed in chapter six, although it is notable that clustering is described in the very limited Microsoft manner, rather than the broader and original sense. Chapter seven suggests that you write your applications properly. (How to do this is left as an exercise for the reader.) Database (referred to here as "data store") replication and backup is touched on in chapter eight. Various redundant topologies are suggested in chapter nine, but Buchanan makes several mistakes (suggesting, for example, one that avoids excessive communications--but would ensure a failure of communications in the event of the system failure that it is supposed to address). Chapter ten makes vague mentions of different market and operation types. Chapter eleven refers to generic testing activities.

This book is hard to read, hard to understand, and provides very little useful information that is not addressed much more lucidly elsewhere (such as in Toigo's "Disaster Recovery Planning" [cf. BKDIRPL.RVW]).

copyright Robert M. Slade, 2004 BKDPINSY.RVW 20041106

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
What a strange machine man is. You fill him with bread, wine, fish, and radishes, and out come sighs, laughter and dreams. - Nikos Kazantzakis
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade