
REVIEW: "Enterprise Information Systems Assurance and System Security", Merrill Warkentin/Rayford Vaughn

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1, May 23, 2008
      BKEISASS.RVW 20080207

      "Enterprise Information Systems Assurance and System Security",
      Merrill Warkentin/Rayford Vaughn, 2006, 1-59140-912-8, U$74.95
      %E Merrill Warkentin mwarkentin@...
      %E Rayford Vaughn
      %C Suite 200 701 E. Chocolate Ave., Hershey, PA 17033-1117
      %D 2006
      %G 1-59140-912-8
      %I IRM Press/Idea Group/IGI Global
      %O U$74.95 800-345-432 717-533-8845 cust@...
      %O http://www.amazon.com/exec/obidos/ASIN/1591409128/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1591409128/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 406 p.
      %T "Enterprise Information Systems Assurance and System Security"

      This book is a collection of papers on various topics in information
      security, divided into five subject areas. There are a number of
      similar works, such as the highly regarded Information Security
      Management Handbook (cf. BKINSCMH.RVW), and the somewhat lower quality
      "Computer Security Handbook" (cf. BKCMSCHB.RVW).

      The first section of the work is supposedly devoted to security policy
      and management. Three of the papers are unstructured (and
      surprisingly terse) collections of thoughts on various themes related
      to security management (and some stories of work experiences retailed
      as "case studies"): one examines malware protection and basically
      suggests that you have virus scanning on the desktop, server, and
      network gateway. "Security Implications for Business" doesn't sound
      like it would be easy to define, other than saying risks are bad, so
      the fact that much of the material in the second section is similarly
      vague and disorganized is no surprise. What is startling is that we
      get some actual details on documents related to the Sarbanes-Oxley
      legislation, a review of Web commerce threats, and the recommendation
      to use decentralization as a measure to build business continuity.
      Security engineering should be more definitive, so the generic nature
      of four of the five papers in section three is more disappointing.
      The paper on securing wireless networks isn't great, but it is, at
      least, useful. Part four takes brief looks at intrusion detection
      technologies, honeynets, an even worse than usual view of
      steganography, some aspects of database security, and digital
      forensics. Of the three papers in the final section, only one
      contains a decent overview of the topic of authentication.

      Most of the material in this book is vague, generic, undetailed, and
      of very questionable value. In addition to those mentioned above,
      Anderson's "Security Engineering" (cf. BKSECENG.RVW), Stallings'
      "Computer Security: Principles and Practice" (cf. BKCMSCPP.RVW), and
      Stamp's "Information Security: Principles and Practice" (cf.
      BKINSCPP.RVW) all provide more complete, detailed, accurate, and
      useful coverage of security management and assurance.

      copyright Robert M. Slade, 2008 BKEISASS.RVW 20080207

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      [T]here was nothing illegal about [the Psychic Network], provided
      that the ads hawking it clearly acknowledge, in the finest of
      print, that the entire enterprise is `for entertainment only.'
      Such logic is interesting, as it apparently means that I could
      label the proprietors of such services as charlatans, bunko
      artists and general rat finks without fear of legal action, as
      long as I included the disclaimer that my comments were for
      entertainment only ... - Steve Mirsky