
REVIEW: "Inside the Security Mind", Kevin Day

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , May 2, 2003
      BKINSCMI.RVW 20030321

      "Inside the Security Mind", Kevin Day, 2003, 0-13-111829-3, U$44.99/C$69.99
      %A Kevin Day
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2003
      %G 0-13-111829-3
      %I Prentice Hall
      %O U$44.99/C$69.99 +1-201-236-7139 fax: +1-201-236-7131
      %O http://www.amazon.com/exec/obidos/ASIN/0131118293/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0131118293/robsladesin03-20
      %P 309 p.
      %T "Inside the Security Mind: Making the Tough Decisions"

      I am quite sympathetic to the idea that the realization of a security
      mindset or attitude (I frequently refer to it as professional
      paranoia) is more important to attaining security than isolated
      technical skills. I'm sorry to say that this work is not likely to
      help you find, attain, or assess that protection perspective.

      Right from the beginning of the book, readers will find a flavour of
      eastern philosophy, and even mysticism, to it. There are four
      virtues, an eight-fold path, and even repeated injunctions for the
      reader to keep an "open mind"--a phrase which those who have conversed
      with devotees of the Buddhist faith will find rather familiar.

      Unfortunately, chapter one seems to demonstrate that Day is bringing
      us only a newage vagueness in his description of the security mind.
      We are to rid ourselves of negative thoughts, and follow fundamental
      virtues, which we haven't been given yet. Computer security is only a
      decade old, we are told in chapter two, and constantly changing, and
      expensive, and there are few practitioners, and lots of bad guys out
      there, and we are paralyzed by fear--but we have nothing to fear but
      fear itself! Chapter three finally lists the four virtues for us:
      security is ongoing, a group effort, requires a generic approach, and
      is dependent upon education. I don't disagree with any of these
      points (other than the philological debate about whether they should
      be called virtues), and neither would any other security professional.
      However, they don't really provide us with much in the way of help.
      Eight security "rules," in chapter four, list principles such as
      "least privilege," which are also commonly known in security work.

      Chapter five is supposed to tell us how to develop a security mind,
      but actually seems to be an exercise in wishful thinking. If the
      world were neatly divided into safe and unsafe zones, and if our
      systems all worked perfectly and in correspondence with our users'
      known requirements, and if everyone that we trusted were completely
      competent in regard to their own defence, security would be much
      easier. Decision-making is likewise simplistically seen to be
      supported by the virtues and rules, in chapter six. There is a
      superficial overview of blackhats and vulnerabilities in chapter
      seven. Chapter eight has a standard review of risk analysis. Vague
      ideas on hiring security, and some thoughts on outsourcing, are in
      chapter nine. The author gives his opinion on some security tools in
      chapter ten. Chapter eleven is another attempt to prove that the
      rules can be used. We are given a final adjuration to change our
      attitudes in chapter twelve.

      Basically, this book is yet another attempt to write a general
      security guide, without first ensuring that the material is
      structured, sound, complete, or useful.

      copyright Robert M. Slade, 2003 BKINSCMI.RVW 20030321

      rslade@... rslade@... slade@... p1@...
      "If you do buy a computer, don't turn it on." - Richards' 2nd Law
      ============= for back issues:
      [Base URL] site http://victoria.tc.ca/techrev/
      or mirror http://sun.soci.niu.edu/~rslade/
      CISSP refs: [Base URL]mnbksccd.htm
      Security Dict.: [Base URL]secgloss.htm
      Security Educ.: [Base URL]comseced.htm
      Book reviews: [Base URL]mnbk.htm
      [Base URL]review.htm
      Partial/recent: http://groups.yahoo.com/group/techbooks/
      Security Educ.: http://groups.yahoo.com/group/comseced/
      Review mailing list: send mail to techbooks-subscribe@egroups.com