Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Information Security Management", Gurpreet Dhillon

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKINSCMN.RVW 20020628 Information Security Management , Gurpreet Dhillon, 2001, 1-878289-78-0, U$69.95 %A Gurpreet Dhillon %C 1331 E. Chocolate Ave.,
    Message 1 of 1 , Sep 13, 2002
    • 0 Attachment
      BKINSCMN.RVW 20020628

      "Information Security Management", Gurpreet Dhillon, 2001,
      1-878289-78-0, U$69.95
      %A Gurpreet Dhillon
      %C 1331 E. Chocolate Ave., Hershey PA 17033-1117
      %D 2001
      %G 1-878289-78-0
      %I Idea Group Publishing
      %O U$69.95 800-345-4332 fax: 717-533-8661 cust@...
      %P 184 p.
      %T "Information Security Management: Global Challenges in the New

      This is a collection of essays by different authors. The preface,
      however, states that the intention was to bring together diverse views
      and yet to "build an argument." What the argument, or central thesis,
      of the work is, has not been stated.

      Chapter one is supposed to set forth the new challenges to information
      security, but ends up telling us, at great length, that "the times
      they are a-changin." (Extracting further information from the
      academic-speak is not made any easier by the many grammatical oddities
      and awkward constructions.) Policy is central to security, and so it
      is no surprise to see it as the topic of chapter two. What is
      astounding is the fact that so much is wrong with this paper that it
      is hard to know where to start. Everything seems to be backwards. It
      is stated that an audit should be done as the prelude to policy
      development, by how can you conduct an audit with no policy to measure
      compliance against? Again, the essay says that the procedures in
      place will form the policy, whereas it should be the policy that
      guides development of procedures. A simplistic discussion of ethics
      makes up chapter three. There really isn't any analysis: after a few
      facile presentations of both sides of a variety of issues the author
      just asserts that X is or is not moral. Chapter four is supposed to
      argue that ethical policies build trust and trust promotes e-commerce,
      but instead actually just lists a number of random security topics. A
      look at "cyber terrorism," in chapter five, seems to consist only of
      listing Web sites for known terrorist organizations. Prescription
      fraud is never rigorously defined, so it is hard to say whether the
      technical measures proposed in chapter six are relevant or not.
      Chapter seven tells us (surprise, surprise) that disaster recovery
      planning is often done inadequately, or left undone. A discussion of
      development models, in chapter eight, seems to be so abstract that it
      is of no digital use. Internet and e-business security touches on
      some miscellaneous subjects in chapter nine. The author obviously
      thinks Compliance Monitoring for Anomaly Detection (CMAD, with some
      kind of trademark symbol appended to it) is vitally important, but
      chapter ten's explanation seems to just describe another type of
      statistical change measurement. Chapter eleven vaguely discusses some
      of the security issues involved with the use of agent or mobile
      software. The final chapter lists some "motherhood" security

      One of the interesting, and disturbing, aspects of the book is that
      each paper is accompanied by a bibliography of sources, but almost
      none of the standard security reference works in the various fields
      addressed are cited. How can you discuss, for example, computer
      ethics without having read Deborah Johnson's (cf. BKCMPETH.RVW) works?

      Compilation works tend to be hard to pin down, and to vary in quality
      and usefulness. This work has a remarkable consistency, in that the
      items included are all vague, uninteresting to the professional, and
      unhelpful to the practitioner.

      copyright Robert M. Slade, 2002 BKINSCMN.RVW 20020628

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Just about every computer on the market today runs UNIX, except
      the Mac (and nobody cares about it). - Bill Joy, 6/21/85
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.