Network Security CISSP-Discussion

[CISSP-D] REVIEW: "Managing Knowledge Security", Kevin C. Desouza

Subject: [CISSP-D] REVIEW: "Managing Knowledge Security", Kevin C. Desouza
Date: Fri, 14 Dec 2007 11:26:49 -0800
BKMAKNSE.RVW   20070927

"Managing Knowledge Security", Kevin C. Desouza, 2007, 0-7494-4961-6,
U$65.00/UK#32.50
%A   Kevin C. Desouza secureknow.blogspot.com kev.desouza@gmail.com
%C   120 Pentonville Rd, London, UK, N1 9JN
%D   2007
%G   0-7494-4961-6 978-0-7494-4961-2
%I   Kogan Page Ltd.
%O   U$65.00/UK#32.50 +44-020-7278-0433 kpinfo@kogan-page.co.uk
%O  http://www.amazon.com/exec/obidos/ASIN/0749449616/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0749449616/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0749449616/robsladesin03-20
%O   Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   200 p.
%T   "Managing Knowledge Security"

Desouza is of the "competitive intelligence" community, so the
"knowledge" of the title refers to special skills, processes, or other
information that gives your business a particular advantage, and which
is either unknown or in limited circulation elsewhere.

Chapter one provides some examples of thefts of intellectual property. 
The author also exhorts companies to classify and assign a value to
their informational assets (with which advice I can only heartily
concur).  He goes on to describe the activities involved in spying on
corporations, and notes the limitations of traditional security guards
in this regard.  Chapter two explains how employees can be the
greatest threat to the loss of institutional knowledge--and can also
be the biggest asset in protecting it.  Considerations with regard to
personal computing devices (such as laptops and advanced cell phones)
for travelling executives are discussed in chapter three.  As well,
there are suggestions on how to avoid being kidnapped, and some
recommendations with respect to recycling paper and obsolete computer
equipment.  Chapter four looks at a range of the possible alliances
between companies, and the ways that various problems related to
intellectual property might occur as a result of those associations. 
Chapter five contains recommendations of diverse measures to limit
physical access to corporate offices.  Business continuity is
addressed, in chapter six, from the perspective of loss of knowledge
resources.  (Oddly, there is little discussion of the higher levels of
risk from social engineering inherent in such situations.)  Basic
information security practices, threats, and technologies are outlined
in chapter seven.

The book presents an interesting viewpoint in regard to security, but
does not seem to break any new ground.  In terms of information
security or classification, this work does not go beyond any standard
security text such as the original edition of "Computer Security
Basics" (cf. BKCMPSEC.RVW) or (ISC)2's "Official Guide" (cf.
BKOITCE.RVW).  With regard to social engineering, which one might
consider a specialty of those in the "business intelligence" field,
any of Ira Winkler's volumes, such as "Corporate Espionage" (cf.
BKCRPESP.RVW) or "Spies Among Us" (cf. BKSPAMUS.RVW), has more detail
and extensive suggestions.  Desouza's work, clear and engaging as it
is, is possibly an interesting additional outlook, but hardly a
necessary addition or replacement.

copyright Robert M. Slade, 2007   BKMAKNSE.RVW   20070927


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
Your email has been returned due to insufficient voltage.
http://victoria.tc.ca/techrev/rms.htm


 