| Subject: | [ISN] REVIEW: "A Practical Guide to Managing Information Security", Steve Purser |
|---|---|
| Date: | Tue, 12 Oct 2004 01:21:51 -0500 (CDT) |
Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@sprint.ca>

BKPGTMIS.RVW 20040514

"A Practical Guide to Managing Information Security", Steve Purser, 2004, 1-58053-702-2, C$120.50
%A Steve Purser
%C 685 Canton St., Norwood, MA 02062
%D 2004
%G 1-58053-702-2
%I Artech House/Horizon
%O C$120.50 800-225-9977 fax: 617-769-6334 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/ASIN/1580537022/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1580537022/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1580537022/robsladesin03-20
%P 259 p.
%T "A Practical Guide to Managing Information Security"

After years of reviewing security books there were a number of red warning flags in the preface: the perception that a book was needed to address the "entire" subject of security, an insistence on a "pragmatic" and management oriented approach, and the use of a "fictitious but realistic case study" to support the arguments in the work. The final omen came in the author's bio on the back cover: he's a banker.

Chapter one is a vague statement that the information technology world is getting riskier, but states outright the irresponsible notion that it is better to provide a less secure product to customers as long as that reduces your "time to market." This is backed up by a great deal of waffling managementspeak that boils down to the idea that we have to learn to work faster *and* cheaper *and* better *and* smarter. The footnotes and references intended to demonstrate that this is a scholarly and researched effort are, instead, a grab bag of varying origin and quality, indicating that the author isn't really familiar with security literature, and used whatever he happened to read. A few security information sources and generic advice on planning are in chapter two.

The taxonomy of technical tools, in chapter three, contains no entries for accounting, application development, operations, physical security, assurance, or business continuity, thus indicating the enormous gaps in this work. The artificial structure imposed on the list works against an integrated view of the tools: Purser obviously doesn't understand intrusion detection divisions, or that host-based and net-based systems both provide details--but of differing views. In chapter four, Purser obviously thinks that he is giving us new insight into security assessment, when all that is really being delivered is a generic project planning cycle. Similarly, chapter five deals with business and threat analysis. A vague review of policy documents is in chapter six. Chapter seven takes on that wonderful buzzphrase, "process re-engineering," having almost nothing to do with security at all. A planning cycle comes up again when chapter eight supposedly looks at security architecture. Chapter nine covers security training, in an overly formal way.

This book adds almost nothing to the existing security literature, except for a lot of management directed verbiage.

copyright Robert M. Slade, 2004 BKPGTMIS.RVW 20040514

======================
(quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
It's a kind of spiritual snobbery that makes people think they can be happy without money. - Albert Camus (1913-60)
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade