REVIEW: "Securing Information and Communications Systems", Steven Furnell et al
- BKSCINCS.RVW 20081123
"Securing Information and Communications Systems", Steven Furnell et
al, 2008, 978-1-59693-228-9, U$109.00
%A Steven Furnell www.cisnr.org info@...
%A Sokratis Katsikas
%A Javier Lopez
%A Ahmed Patel
%C 685 Canton St., Norwood, MA 02062
%G 978-1-59693-228-9 1-59693-228-7
%I Artech House/Horizon
%O U$109.00 617-769-9750 fax: 617-769-6334 artech@...
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 362 p.
%T "Securing Information and Communications Systems"
The preface states that the book is based on an idea which arose from
work directed towards a specific conference or course, but does not
really specify what the idea, or the subject of the course, was.
Chapter one, an introduction, notes the increasing importance of
information security, and lists topics which seem to cover most of the
field except for business continuity and physical security.
Chapter two is a vague and disorganized overview of some generic
concepts of security. Security management, in chapter three, is
limited to an attempt to apply the PDCA (the Deming/Shewart Plan-Do-
Check-Act) model to process management, but the illustration material
is unclear. (There is also a brief mention of business continuity
planning.) A list of the standard means of authentication is given in
chapter four. Some of the usual models of access control are
catalogued in chapter five. (Although "authorization" is specifically
mentioned in the chapter title, the text does not really address the
issue. The figures purporting to explain the Bell-LaPadula and Biba
models are pretty much incomprehensible.) Some threats and tools
related to database security are noted in chapter six. Chapter seven
outlines some of the basic concepts of cryptography, but in a fairly
abstract fashion. Most of the material on network security, in
chapter eight, is a listing of tools. Some content is misleading: a
list of VPN (Virtual Private Network) protocols fails to note that
none of those included have any provisions for encryption or
authentication. Chapter nine fills some of the gaps in seven, by
raising some factors involved in a hierarchical model of PKI (Public
Key Infrastructure). A few aspects of tokens and smart cards are
discussed in chapter ten. Random thoughts on privacy and privacy
supporting technologies are in eleven. Chapter twelve looks, somewhat
disjointedly, at various types of Web filtering, but the promised
legal issues aren't really covered. Some functions of an
investigation into a computer incident are reviewed in chapter
thirteen. Chapter fourteen purports to propose a holistic approach to
IT and communications security, but instead is a series of abstract
and epistemological musings with little practical use. The formal
requirements for a voting system are noted in chapter fifteen, but
there is no actual system or any analysis of such. Chapter sixteen is
ostensibly a serverless, peer-to-peer wiki system, but at heart is
actually just a normal authentication system such as Kerberos: the
problems noted at the beginning of the article are simply moved one
As a general introduction to or outline of security the work does not
have the scope and detail of "Computer Security: Principles and
Practice" by William Stallings and Lawrie Brown (cf. BKCMSCPP.RVW), or
any of a number of other general works. In terms of specific,
detailed, or recent research, the "Information Security Management
Handbook" (cf. BKINSCMH.RVW) has much greater depth and range.
copyright Robert M. Slade, 2008 BKSCINCS.RVW 20081123
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
The universe is full of magical things, patiently waiting for
our wits to grow sharper. - Eden Phillpotts