
REVIEW: "Information Security Architecture", Jan Killmeyer

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1, Apr 30 4:49 PM
      BKINSEAR.RVW 20070125

      "Information Security Architecture", Jan Killmeyer, 2006,
      0-8493-1549-2
      %A Jan Killmeyer
      %C 920 Mercer Street, Windsor, ON N9A 7C2
      %D 2006
      %G 0-8493-1549-2
      %I Auerbach Publications
      %O +1-800-950-1216 auerbach@... orders@...
      %O http://www.amazon.com/exec/obidos/ASIN/0849315492/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0849315492/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0849315492/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 393 p.
      %T "Information Security Architecture"

      The preface to the book seems to indicate an intent to provide a
      taxonomy of security activities under eight (mostly management
      related) "components": infrastructure, policy, risk assessment,
      training, compliance, monitoring, incident response, and business
      continuity. (Those who follow the development of security frameworks
      will notice a strong correlation to the COSO [Committee of Sponsoring
      Organizations of the Treadway Commission] structure.) The "Executive
      Summary" basically does the same thing, at greater length
      (concentrating on the threats to information), and seems to have been
      lifted from the first edition of the book with incomplete
      modifications: the illustrations refer to the original five
      components, and there is a reference to a now non-existent chapter
      twelve.

      Chapter one, on information security architecture, defines it as the
      mechanism for ensuring that all users know what they are responsible
      for in terms of protecting resources, which would seem to put it
      squarely in the "design" camp. (This perspective would seem to be
      consistent with the statement that an architecture has "components.")
      The remainder of the material reinforces the idea of a managed plan
      for implementing security. Infrastructure, in chapter two, is
      addressed primarily in terms of the roles of people within the
      enterprise, and a repeat (from chapter one) of several pages of text
      (and an illustration) outlining the security plan. The elements of a
      security policy, and pointers to sample constituents listed in the
      appendices, are given in chapter three. Aspects of risk analysis are
      mixed with information on random security controls in chapter four.
      Chapter five says the usual things about security awareness and
      training programs. Compliance, in chapter six, is primarily concerned
      with audits. Chapter seven lists some of the problems you may
      encounter in creating a security program, many of which are related to
      a lack of management support. A high-level overview of the structures
      and reports of incident response makes up chapter eight. A final
      admonition to manage security is given in chapter nine.

      The book doesn't really talk about information security architecture.
      There is a general outline of the basic aspects of a security program,
      although the details have numerous gaps. There are a great many such
      general security overview texts, and therefore this volume neither
      addresses a specific audience nor contributes anything meaningful to
      the security literature.

      copyright Robert M. Slade, 2007 BKINSEAR.RVW 20070125


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Charm is a way of getting the answer yes without having asked any
      clear question. - Albert Camus
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
      http://victoria.tc.ca/techrev/rms.htm