
REVIEW: "Information Security", Donald L. Pipkin

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Nov 7 7:45 AM
      BKISPTGE.RVW 20020823

      "Information Security", Donald L. Pipkin, 2000, 0-13-017323-1,
      %A Donald L. Pipkin
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2000
      %G 0-13-017323-1
      %I Prentice Hall
      %O U$39.99/C$60.00 +1-201-236-7139 fax: +1-201-236-7131
      %P 364 p.
      %T "Information Security: Protecting the Global Enterprise"

      It takes quite a while to figure out what Pipkin is trying to do in
      this book. Ultimately, there is coverage of some of the important
      basic concepts involved in information security. However, the text as
      a whole is both confused and confusing.

      The prologue tells us that business is changing and chaotic, and that
      information is of prime importance. The introduction takes a quick
      run through a few of the basic security concepts, with an emphasis on
      business continuity planning.

      Phase one of the book is entitled "Inspection," but the prologue lists
      some items of concern in risk analysis. Chapter one, called "Resource
      Inventory," is concerned with data classification. It touches on, but
      does not really discuss, the orthogonal nature of classification
      schemes when confidentiality, availability, and integrity must be
      considered. The material is sparse, and, while there are some
      indications of forward references to later chapters, those chapters do
      not get down to practical details either. Chapters two to six begin
      to examine the concepts of threats (concentrating, very poorly, on
      malicious software), loss analysis (many examples, little of
      substance), vulnerabilities, safeguards, and assessment.

      Phase two, on protection, seems to be trying to expand chapter five,
      but really just repeats prior material. Concepts touched on include
      access, identification, authentication, authorization, and
      accountability. Mixed in are the not-quite-related topics of
      availability, accuracy, confidentiality, and administration.

      Phase three looks at intrusion detection, with chapters on intrusion
      types, methods, process, and detection methods. It isn't very useful.

      Phase four reviews incident response, but rather vaguely.

      Phase five concerns the post-mortem reflection. The chapter on
      documentation has some useful material on the contents of after-action
      reports, but the rest of the content is unfocussed and generic.

      It is not quite true to say that the book is unstructured: it has a
      structure, but either does not follow it, or does not usefully employ
      it. Those without a security background will find it hard to build a
      useful or working framework from the material in this book. Those
      with such a background will eventually find that the parts of the book
      do fit neatly, if not logically, into the common framework. However,
      those with such a background will have no need for this work.

      copyright Robert M. Slade, 2002 BKISPTGE.RVW 20020823

      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      November 25, 2002 November 29, 2002 Toronto, ON, Canada
      December 16, 2002 December 20, 2002 San Francisco, CA
      February 10, 2003 February 14, 2003 St. Louis, MO

      ====================== (quote inserted randomly by Pegasus Mailer)
      Any sufficiently advanced technology is indistinguishable from magic
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade