REVIEW: "The History of Information Security", Karl de Leeuw/Jan Bergstra

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1 , Dec 4, 2008
      BKHISCCH.RVW 20081020

      "The History of Information Security", Karl de Leeuw/Jan Bergstra,
      2007, 978-0-444-51608-4
      %E Karl de Leeuw karl.de.leeuw@...
      %E Jan Bergstra
      %C 256 Banbury Road, Oxford, OX2 7DH
      %D 2007
      %G 978-0-444-51608-4
      %I Elsevier Advanced Technology
      %O +44 865 512242 Fax: +44 865 310981 books.elsevier.com
      %O http://www.amazon.com/exec/obidos/ASIN/0444516085/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0444516085/robsladesin03-20
      %O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 887 p.
      %T "The History of Information Security: A Comprehensive Handbook"

      Chapter one, which stands in for an introduction to the papers in this
      volume, already notes that the title is inaccurate. The editor admits
      that this work is not a history, as such, but an overview from the
      perspective of different disciplines related to information security,
      taking a historical approach in examining the socio-political shaping
      of infosec. The authors ask whether technology influenced public
      policy and politics, and look for information security strategies (or
      the lack thereof) in politics. I found the selection of references
      disquieting, noting that the editor responsible for the choice of
      papers complained that there was no historical material addressing
      industrial espionage, administrative practices, disruption of
      communications with criminal intent, or other areas. No mention is
      made, in the references, to the works of Stamp (cf. BKINSCPP.RVW),
      Winkler (cf. BKCRPESP.RVW, BKSPAMUS.RVW), or Denning (cf.
      BKDENING.RVW) to name just a few.

      I can agree with the emphasis on social aspects of security: security
      is, and always has been, a people problem. Information security,
      however, necessarily involves technology, and the authors of most of
      the papers included in this collection have concentrated so much on
      history (mostly in the form of dates and political rivalries) that the
      questions of influence of technology on politics, or politics on
      technology, can't really be analyzed. Additionally, enormous topical
      areas relevant to information security (such as risk management,
      intrusion detection, cryptographic infrastructure (PKI), physical
      security, computer architecture, application development, and malware)
      are notable by their absence.

      Part one addresses intellectual property. Essay subjects include
      various forms of censorship and self-censorship (with no mention of
      the "full disclosure" debate), the German patent system, copyright,
      and the application of copyright and patent to software.

      Part two looks at items related to identity management, with a highly
      abstract and impractical philosophy of identity, notes on document
      security, a review of identity cards, and a recent history of

      Although entitled "Communications Security," part three is about
      cryptography. The papers on Renaissance (1400-1650) and Dutch (up to
      1800) cryptography, British postal interception up until the 1700s,
      the KGB crypto office, and the NSA (US National Security Agency) are
      of primarily political interest. The articles on rotor cryptography,
      Colossus, and the Hagelin machines have points of curiosity, but are
      still very thin on technical details. A final essay attempts a very
      terse overview of modern cryptographic concepts.

      Computer security is in part four. Early US military evaluation
      standards, some of the basic formal information security models, an
      academic look at application security and auditing, a rough division
      of recent information technology into decade "periods," an equally
      unpolished history of Internet security, and a scattered review of
      computer crime make up this section.

      For some reason questions of privacy and regulations governing the
      export of cryptography are seen to fit together in part five. Three
      papers present US cryptographic export restrictions, a random and not
      completely successful attempt to define privacy, and various US
      undertakings at regulating the use of encryption.

      Part five can't have been lumped together simply due to a lack of
      articles, since part six is a single piece providing a limited and
      incomplete overview of information warfare.

      As a book this volume is disappointing. It is not "a history," merely
      a collection of papers, with little structure or linkage. The topics
      relate to security, but a work on infosec should have more technical
      content and understanding. It is certainly not comprehensive. And,
      at several kilograms in weight, it bears little resemblance to a

      That said, a number of the essays do provide interesting historical
      points, anecdotes, and references. Therefore, those with the stamina
      to work through the material may be rewarded with historical nuggets,
      and pointers to further sources of information.

      copyright Robert M. Slade, 2008 BKHISCCH.RVW 20081020

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Computing Science: the study of the use and sometimes
      construction of digital computers. It is a fashionable,
      interesting, difficult, and perhaps useful activity.
      - Christopher Strachey
      victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/