REVIEW: "Access Denied", Cathy Cronkhite/Jack McCullough
- View SourceBKACCDEN.RVW 20020604
"Access Denied", Cathy Cronkhite/Jack McCullough, 2002, 0-07-213368-6,
%A Cathy Cronkhite
%A Jack McCullough
%C 300 Water Street, Whitby, Ontario L1N 9B6
%I McGraw-Hill Ryerson/Osborne
%O U$24.99 905-430-5000 800-565-5758 fax: 905-430-5020
%P 283 p.
%T "Access Denied: The Complete Guide to Protecting Your Business
The introduction states that business leaders often lack the
background to deal with technical security issues, and that the book
seeks to fill the technical gap. Ordinarily I am wary of such claims,
particularly in such slim volumes, but, after a poor start, this one
works surprisingly well.
Chapter one concentrates on "hackers." There is sensationalism, and
there are errors, such as confusing Clifford Stoll's "wily hacker"
with members of the Chaos Computer Club, but the text does at least
divide security breakers into various camps, rather than lumping them
all together. The discussion of viruses and malware, in chapter two,
is the all-too-common unreliable mix of errors (the "Cokegift" prank
is stated to be a virus) and reasonable material. A random collection
of email dangers and netiquette makes up chapter three. Another
miscellaneous list of Internet attacks and some misinformation (a
discussion of "poisoned" cookies) is given in chapter four, but no
means of protection.
After this, however, the book improves. The review of encryption, in
chapter five, is a clear presentation for the non-specialist. Chapter
six is a reasonable guide to backup. Network security loopholes, and
means of protecting them, are in chapter seven. Physical security is
covered in chapter eight. Chapter nine looks at remote, wireless, and
cellular security. Intrusion detection and documentation (suitable
for presentation to law enforcement) is in chapter ten. The material
on risk analysis, in chapter eleven, is slightly facile, but is a good
accompaniment to policy development.
The subtitle slightly overstates the case in terms of completeness,
but this work certainly is worthy of review by any manager without a
technical background, who nevertheless needs to make decisions about
copyright Robert M. Slade, 2002 BKACCDEN.RVW 20020604
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
Been there, done that, lost a few fingers ....
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade