Network Security CISSP-Discussion
Subject: [CISSP-D] REVIEW: "International IT Governance", Alan Calder/Steve Watkins
Date: Wed, 13 Dec 2006 10:02:51 -0800
BKINITGV.RVW   20061106

"International IT Governance", Alan Calder/Steve Watkins, 2006,
0-7494-4748-6, U$80.00/UK#45.00
%A   Alan Calder www.27001.com
%A   Steve Watkins
%C   120 Pentonville Rd, London, UK, N1 9JN
%D   2006
%G   0-7494-4748-6
%I   Kogan Page Ltd.
%O   U$80.00/UK#45.00 +44-020-7278-0433 kpinfo@kogan-page.co.uk
%O  http://www.amazon.com/exec/obidos/ASIN/0749447486/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0749447486/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0749447486/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   366 p.
%T   "International IT Governance: An Executive Guide to ISO
      17799/ISO 27001"

Chapter one lists various threats.  A minimal explanation of the US
Sarbanes-Oxley law is in chapter two.  A muddled description of ISO
17799 and 27001 is in chapter three.  Chapter four lists bits of a
possible security management project.  A generic statement about
security policies is in chapter five.  Chapter six contains a verbose
but sketchy outline of risk assessment.

The risk of external users is discussed in chapter seven.  Although
the title of chapter eight suggests it deals with assets, most of the
material concentrates on classification.  Various aspects of
employment are listed in chapter nine.  Random topics to do with
facility physical security are in chapter ten, and equipment
protection in eleven.  Chapter twelve is entitled "Communications and
Operations Management" and instead talks about contracts.

Viruses are examined (poorly) in chapter thirteen, along with a brief
mention of backups.  Fourteen has another odd pairing: network
security and media handling (both treated very tersely).  "Exchanges
of information," in fifteen, seems to mean email.  Certain aspects of
electronic commerce are mentioned in sixteen.  Email gets another
review in seventeen.

There is a surprisingly reasonable outline of access control (with an
odd inclusion of blackhat activities) in chapter eighteen.  Chapter
nineteen turns to network access control, with "operating system"
access control in twenty, and a weird amalgam titled "application
access control and teleworking," in twenty-one.

System development is the topic of chapter twenty-two.  Cryptography
gets an extremely terse overview in twenty-three.  Development comes
back for a second try in twenty-four.  Audit and logging is listed in
twenty-five and business continuity in twenty-six.  "Compliance," in
twenty-seven, simply catalogues various laws.  Chapter twenty-eight
finishes off with a short description of what to expect in an ISO/IEC
27001 audit.

The text has a Web component to it, and this is referred to in a
number of places in the work.  It should be noted that this Web
component is also promoted, in the publication, as a general security
management portal (unrelated to the book).  However, it is, in fact,
the Website of the consultancy run by one of the authors.  The files
available on the site do not deliver the promised information: first,
the files, when you do get to download them, lack any indication as to
type, and when you finally find out which file format they are (mostly
PDFs, with a few XLSs) the contents are generally of the marketing
brochure level, advising you to buy further materials from the site.

The book is somewhat less verbose and turgid than the earlier "IT
Governance" (cf. BKITGVRN.RVW), but is astoundingly similar in many
ways.  The quality of technical information is inconsistent and
suspect, and the structure is random.  Managers will not find 
guidance in regard to the management of security within information
systems, nor about ISO 17799/27001.

copyright Robert M. Slade, 2006   BKINITGV.RVW   20061106


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
I have often stood there and looked out upon my past life and
upon the different surroundings which have exercised their power
upon me: and the pettiness which so often gives offense in life,
the numerous misunderstandings too often separating minds which
if they properly understood one another would be bound together
by indissoluble ties, vanished before my gaze.   - Soren Kierkegaard
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm
