
REVIEW: "International IT Governance", Alan Calder/Steve Watkins

    Posted by Rob, Dec 13, 2006
      BKINITGV.RVW 20061106

      "International IT Governance", Alan Calder/Steve Watkins, 2006,
      0-7494-4748-6, U$80.00/UK#45.00
      %A Alan Calder www.27001.com
      %A Steve Watkins
      %C 120 Pentonville Rd, London, UK, N1 9JN
      %D 2006
      %G 0-7494-4748-6
      %I Kogan Page Ltd.
      %O U$80.00/UK#45.00 +44-020-7278-0433 kpinfo@...
      %O http://www.amazon.com/exec/obidos/ASIN/0749447486/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0749447486/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0749447486/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 366 p.
      %T "International IT Governance: An Executive Guide to ISO
      17799/ISO 27001"

      Chapter one lists various threats. A minimal explanation of the US
      Sarbanes-Oxley law is in chapter two. A muddled description of ISO
      17799 and 27001 is in chapter three. Chapter four lists bits of a
      possible security management project. A generic statement about
      security policies is in chapter five. Chapter six contains a verbose
      but sketchy outline of risk assessment.

      The risk of external users is discussed in chapter seven. Although
      the title of chapter eight suggests it deals with assets, most of the
      material concentrates on classification. Various aspects of
      employment are listed in chapter nine. Random topics to do with
      facility physical security are in chapter ten, and equipment
      protection in eleven. Chapter twelve is entitled "Communications and
      Operations Management" and instead talks about contracts.

      Viruses are examined (poorly) in chapter thirteen, along with a brief
      mention of backups. Fourteen has another odd pairing: network
      security and media handling (both treated very tersely). "Exchanges
      of information," in fifteen, seems to mean email. Certain aspects of
      electronic commerce are mentioned in sixteen. Email gets another
      review in seventeen.

      There is a surprisingly reasonable outline of access control (with an
      odd inclusion of blackhat activities) in chapter eighteen. Chapter
      nineteen turns to network access control, with "operating system"
      access control in twenty, and a weird amalgam titled "application
      access control and teleworking," in twenty-one.

      System development is the topic of chapter twenty-two. Cryptography
      gets an extremely terse overview in twenty-three. Development comes
      back for a second try in twenty-four. Audit and logging is listed in
      twenty-five and business continuity in twenty-six. "Compliance," in
      twenty-seven, simply catalogues various laws. Chapter twenty-eight
      finishes off with a short description of what to expect in an ISO/IEC
      27001 audit.

      The text has a Web component to it, and this is referred to in a
      number of places in the work. It should be noted that this Web
      component is also promoted, in the publication, as a general security
      management portal (unrelated to the book). However, it is, in fact,
      the Website of the consultancy run by one of the authors. The files
      available on the site do not deliver the promised information: first,
      the files, when you do get to download them, lack any indication as to
      type, and when you finally find out which file format they are (mostly
      PDFs, with a few XLSs) the contents are generally of the marketing
      brochure level, advising you to buy further materials from the site.

      The book is somewhat less verbose and turgid than the earlier "IT
      Governance" (cf. BKITGVRN.RVW), but is astoundingly similar in many
      ways. The quality of technical information is inconsistent and
      suspect, and the structure is random. Managers will not find
      guidance in regard to the management of security within information
      systems, nor about ISO 17799/27001.

      copyright Robert M. Slade, 2006 BKINITGV.RVW 20061106
