Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] REVIEW: "Privacy", J. C. Cannon

from [Rob, grandpa of Ryan, Trevor, Devon & Hannah] Network Security [Permanent Link]
Subject: [CISSP-D] REVIEW: "Privacy", J. C. Cannon
Date: Mon, 16 Jan 2006 08:35:05 -0800 
BKPRVACY.RVW   20051023

"Privacy", J. C. Cannon, 2005, 0-321-22409-4, U$49.99/C$71.99
%A   J. C. Cannon jc_msft@hotmail.com
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2005
%G   0-321-22409-4
%I   Addison-Wesley Publishing Co.
%O   U$49.99/C$71.99 416-447-5101 fax: 416-443-0948 bkexpress@aw.com
%O  http://www.amazon.com/exec/obidos/ASIN/0321224094/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0321224094/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321224094/robsladesin03-20
%O   Audience i- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   347 p. + CD-ROM
%T   "Privacy: What Developers and IT Professionals Should Know"

The preface states that this book should help people learn about
privacy technologies.  (The cover refines this: it contains what
developers and information technology professionals should know.)

Part one examines privacy for everyone.  Chapter one is a vague review
of privacy.  A list of privacy related technologies is in chapter two. 
There is a brief look, in chapter three, at privacy lawsuits and
legislation.  Chapter four discusses privacy settings in Windows,
including the metadata in Word files.  Spam, and anti-spam
technologies, are surveyed in chapter five.  Privacy invasive
technologies are examined in chapter six, concentrating on radio-
frequency identity chips.

Part two looks at privacy and the organization.  Chapter seven
suggests some corporate structures to do with security, such as having
a chief privacy officer and a privacy council.  A "Privacy Response
Center" is recommended in chapter eight.  (I thought they used to call
this an "ombudsman" or something.)

Part three concerns privacy factors for the developer.  Chapter nine
outlines the Platform for Privacy Preferences Project (P3P).  Advice
on developing "privacy aware" software programs is given in chapter
ten, although most of it seems to be fairly standard system
development methodology.  A not-terribly-clear-or-helpful system of
diagramming information flow to analyze privacy distribution is
suggested in chapter eleven.  (An effort to demonstrate a data flow
diagrammatic approach to privacy chooses to put error data,
administrative activities, and system settings inside the privacy
boundary.)  Chapter twelve attempts to give an example of how the
foregoing three chapters would work in building an application.  Some
considerations for databases are discussed in chapter thirteen. 
Another attempt to present a privacy aware program is given in chapter
fourteen.  Rather oddly, chapter fifteen talks about technologies that
protect intellectual property.

It is very hard to say what this book is about.  Some of part one is
not bad, although hardly inspired.  The corporate material, in part
two, is turgid, and seemingly applicable only to the most massive of
corporations.  Part three's suggestions about privacy aware
applications appear not only unhelpful but pointless, at least in
terms of real privacy issues.

copyright Robert M. Slade, 2005   BKPRVACY.RVW   20051023


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
 Children are messages we send to a time we will not be here.
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade


 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [CISSP-D] REVIEW: "Privacy", J. C. Cannon, Rob, grandpa of Ryan, Trevor, Devon & Hannah <=
Previous by Date:  [CISSP-D] risk assessment vs disaster recovery, s m
Next by Date:  Re: [CISSP-D] Digest Number 697, Efe Akpodono
Previous by Thread:  [CISSP-D] risk assessment vs disaster recovery, s m
Next by Thread:  Re: [CISSP-D] Digest Number 697, Efe Akpodono
Indexes:  [Date] [Thread] [Top] [All Lists]