REVIEW: "Principles of Information Security", Michael E. Whitman/Herbert J. Mattord

From: Rob, grandpa of Ryan, Trevor, Devon & Ha
Message 1 of 1, Jun 30, 2004
BKPRINSC.RVW 20040531

"Principles of Information Security", Michael E. Whitman/Herbert J.
Mattord, 2003, 0-619-06318-1
%A Michael E. Whitman
%A Herbert J. Mattord
%C 25 Thomson Place, Boston, MA 02210
%D 2003
%G 0-619-06318-1
%I Thomson Learning Inc.
%O U$67.95/C$93.17 www.course.com
%O http://www.amazon.com/exec/obidos/ASIN/0619063181/robsladesinterne
%O http://www.amazon.ca/exec/obidos/ASIN/0619063181/robsladesin03-20
%P 532 p.
%T "Principles of Information Security"

The introduction, in chapter one, seems to be a compilation of
security views from a variety of sources. While this could be
interesting for the experienced professional, the lack of structure
and guidance is likely to confuse the beginning student, the audience
at which the book is aimed. Each chapter starts with a fictional
scenario: the stories do very little to add to the understanding of
the topic. Review questions and exercises at the end of the chapters
are generally either simplistic or open-ended. Chapter two lists
various types of threats and attacks: classifications and groupings
are unclear and are likely to lead students into erroneous assumptions
about the different exploits. Most of the textual material on legal
and ethical issues, in chapter three, deals with (primarily old) US
laws. Actually, a substantial portion of the chapter is given over to
screenshots of numerous computer-related agencies and organizations.
Risk management is broken into two chapters, four, which gives a
pedestrian but not bad overview of analysis and assessment, and five,
which is another unstructured amalgam of topics, some of which should
have been covered in four. Chapter six is a wandering discussion of
policy, spending a lot of space listing the NIST (US National
Institutes of Standards and Technology) guides. Business continuity
planning, in chapter seven, concentrates on incident response, and has
an odd mention of the involvement of law enforcement. Chapter eight
lists network security tools and also has simplistic coverage of
cryptography, extended with an appendix that gets the mathematics of
asymmetric encryption mostly right, but the implementation seriously
wrong. Physical security is dealt with reasonably well in chapter
nine, although the fire suppression content may be confusing. Generic
project planning advice is in chapter ten. Chapter eleven's review of
personnel security lists job titles, security-related certifications,
and some general principles. Security maintenance, in chapter twelve,
is limited to patch and change management as well as risk re-assessment
advice that probably should have been included with chapter

An introductory security text need not contain the depth, or even
breadth, of a reference for professionals. However, this one could
use a lot more structure in the presentation of the content, and more
than a little care with facts and implications.

copyright Robert M. Slade, 2004 BKPRINSC.RVW 20040531

====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Some people think I am naive and apathetic.
I simply don't know what they mean, and I really don't care.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade