Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Securing Business Information", F. Christian Byrnes/Dale Kutnick

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKSEBUIN.RVW 20020916 Securing Business Information , F. Christian Byrnes/Dale Kutnick, 2002, 0-201-76735-X, U$39.99/C$59.95 %A F. Christian Byrnes %A
    Message 1 of 1 , Jan 8, 2003
      BKSEBUIN.RVW 20020916

      "Securing Business Information", F. Christian Byrnes/Dale Kutnick,
      2002, 0-201-76735-X, U$39.99/C$59.95
      %A F. Christian Byrnes
      %A Dale Kutnick
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2002
      %G 0-201-76735-X
      %I Addison-Wesley Publishing Co.
      %O U$39.99/C$59.95 416-447-5101 fax: 416-443-0948
      %O http://www.amazon.com/exec/obidos/ASIN/020176735X/robsladesinterne
      %P 237 p.
      %T "Securing Business Information: Strategies to Protect the
      Enterprise and Its Network"

      The preface addresses how to keep data secure in a distributed
      environment. Chapter one tells us that the first thing to do is
      prepare the organization for changes, then that the first thing to do
      is to write a policy, then that the first thing to do is get a strong
      base of support among the executives, then that the first thing to do
      is market the idea to executives and users, then that the first thing
      to do is to build an effective organizational structure. The material
      meanders through a kind of utopian view of what a mission statement
      and organization chart should be before settling into a promotion of
      political and marketing campaign strategies to sell security to the
      executives. The asset identification portion of risk analysis is
      covered in chapter two. A multi-dimensional and not-quite-orthogonal
      set of domains for classifying resources is overly complex, but may
      help you to identify holdings that are generally unregarded. At first
      chapter three seems to be proceeding with risk analysis, but then it
      veers into policies (if you consider benchmarks equivalent to
      policies). Similarly, chapter four seems to start out with risk
      analysis, and then moves to safeguards, and then moves into business
      impact analysis. Risk analysis *finally* gets a (somewhat incomplete)
      explanation in chapter five, which then moves on to cost/benefit
      analysis, then cultural (political) considerations. Chapter six
      suggests that you rank, select, and market the necessary projects
      identified by the analysis. Small companies may wish to shorten the
      process by doing the above four times over, states chapter seven.
      Chapter eight recommends having a strategy for changing technology. A
      grab bag of security technologies is in chapter nine, which is
      particularly poor in regard to viruses. Chapter ten provides two
      fictional "case studies," and eleven lists the followup projects from
      them. Role-based access control is promoted in chapter twelve, while
      chapter thirteen does the same for "single sign-on."

      "Pitiful" is the only word that can be used to describe the

      Yet another book that attempts to provide a quick review of all of
      security--and fails.

      copyright Robert M. Slade, 2002 BKSEBUIN.RVW 20020916

      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      February 10, 2003 February 14, 2003 St. Louis, MO
      March 31, 2003 April 4, 2003 Indianapolis, IN
    Your message has been successfully submitted and would be delivered to recipients shortly.