
REVIEW: "How to Cheat at Managing Information Security", Mark Osborne

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1 , Jun 12, 2008
      BKHTCMIS.RVW 20080219

      "How to Cheat at Managing Information Security", Mark Osborne, 2006,
      1-59749-110-1, U$39.95/C$51.95
      %A Mark Osborne www.interoute.com
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2006
      %G 1-59749-110-1
      %I Syngress Media, Inc.
      %O U$39.95/C$51.95 781-681-5151 www.syngress.com amy@...
      %O http://www.amazon.com/exec/obidos/ASIN/1597491101/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597491101/robsladesin03-20
      %O Audience i Tech 2 Writing 2 (see revfaq.htm for explanation)
      %P 315 p.
      %T "How to Cheat at Managing Information Security"

      The introduction states that this book is intended to cover the basic
      concepts of information security, and fundamental information about
      the tools involved.

      Chapter one discusses where the security function should be placed in
      organizational structures. What a policy is, and isn't, as well as
      what it does and does not do, is reviewed in chapter two. Some basic
      terms and concepts are described in chapter three, although the level
      of the material varies quite a bit. Chapter four looks at some UK and
      US laws related to information security. Terse (but, within limits,
      realistic) comments on some of the major and popular security
      frameworks are provided in chapter five.

      Chapter six is a set of anecdotes from some really bad job interviews.
      Osborne uses a lot of anecdotes, at least one at the beginning of
      every chapter. The stories are amusing, but really don't serve to
      support or cement any of the security points under discussion.

      Chapter seven outlines some security aspects of network topology. The
      advice is decent, but there are too many diagrams that are poorly
      explained. Firewall concepts are presented in chapter eight, but
      largely from a vendor perspective. Chapter nine takes a much more
      realistic look at intrusion detection systems than is usually the
      case, noting that the devices are not a panacea for security overall
      and require a number of factors that are seldom noted in the general
      literature. More details of implementing the technology are given in
      chapter ten. Chapter eleven, I am delighted to see, addresses the
      difficulty in defining the term "intrusion prevention system," and
      then goes on to list the variety of technologies that may exist under
      that banner. The practicalities and problems of penetration testing
      are examined in chapter twelve. Some application security issues are
      briefly described in chapter thirteen.

      While not a complete guide to information security, this book does
      provide a solid starting point, and useful tips that are often missed
      in a number of the works that have been thrown on the security
      bandwagon. I would not have a problem in recommending it to those who
      are in the initial stages of securing their own networks, as long as
      they have a basic knowledge of system administration.

      copyright Robert M. Slade, 2008 BKHTCMIS.RVW 20080219

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      It can be shown that for any nutty theory, beyond-the-fringe
      political view or strange religion there exists a proponent on
      the Net. The proof is left as an exercise for your kill-file.
      - Bertil Jonell