[CISSP-D] REVIEW: "Mapping Security", Tom Patterson

Subject: [CISSP-D] REVIEW: "Mapping Security", Tom Patterson
Date: Thu, 22 Dec 2005 08:39:13 -0800
BKMAPSEC.RVW   20050805

"Mapping Security", Tom Patterson, 2005, 0-321-30452-7,
U$34.99/C$49.99
%A   Tom Patterson www.tpatterson.net Online@MappingSecurity.com
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2005
%G   0-321-30452-7
%I   Addison-Wesley Publishing Co.
%O   U$34.99/C$49.99 800-822-6339 Fax: 617-944-7273 bkexpress@aw.com
%O  http://www.amazon.com/exec/obidos/ASIN/0321304527/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0321304527/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321304527/robsladesin03-20
%O   Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   405 p.
%T   "Mapping Security"

A sort of preface seems to indicate that this book lists countries and
assigns them a security score.

Chapter one repeats this same material.

Part one gives general security advice.  Chapter two reiterates the
point that business is increasingly global in nature, and that
information technology has enabled activities that can create problems
for business.  We shouldn't waste time with risk assessment, says
chapter three.  What we should do sounds an awful lot like risk
assessment.  (We are also told that "things are different elsewhere,"
as in, other countries.)  Chapter four seems to start out by promoting
traditional cost/benefit analysis (with regard to "return on security
investment"), but quickly diverts into a list of security technologies
that the author considers to be worth it (presumably regardless of
your business or situation).  The idea that certain security
technologies can enhance business and profits is promoted in chapter
five, which also lists some examples to support the concept.  Chapter
six appears to advocate developing an ongoing awareness or facility
for determining the existence of security threats and attacks.  This
idea is extended, in chapter seven, and there is also a reminder that
threats, and protections, change rapidly.

Part two is the list of security indices by country and region. 
Chapter eight reiterates the notion that things are different
elsewhere, and also finally (somewhat tersely) delineates the Mapping
Security Index (MSI).  Europe is covered in chapter nine, first in
general and then by country.  Countries are not given equal space, and
the assignment does not seem to be on any particular basis.  Much less
space is devoted to the Middle East and Africa, in chapter ten. 
(Africa's forty-some countries are represented by South Africa, which
is hardly representative.  I'd rather hoped to check out Nigeria, but
it isn't there.)  Likewise missing are several nations from the
Americas (Central America is one entity), in chapter eleven, possibly
due to the space dedicated to explaining the United States (presumably
to those from the United States).  Chapter twelve discusses the Asia
Pacific region.  (Interestingly, although China gets a significant
amount of space, no mention is made of the unique nature of some
blackhat groups in China, the "red guests.")  A conventional essay on
outsourcing is presented in chapter thirteen.

Part three collects some other, related, topics.  Chapter fourteen is
a brief introduction to this section.  Laws are different elsewhere,
we are informed in chapter fifteen.  Distinctive uses are made of
technology, in other countries, although chapter sixteen could have
used more, and more effective, examples to point that out.  

The chapters in the book are difficult to follow, in terms of a
central theme or thread.  The text seems to jump from topic to topic,
possibly under some commonality apparent to the author, but not
explained to the reader.  I'm not really clear on the audience for
whom this book was supposed to be written, nor anyone to whom I could
recommend it.

copyright Robert M. Slade, 2005   BKMAPSEC.RVW   20050805


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
Vikings?  There ain't no vikings here.  Just us honest farmers.
The town was burning, the villagers were dead.  They didn't need
those sheep anyway.  That's our story and we're sticking to it.
                                                      - Dan Sorenson
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

