REVIEW: "Securing Information and Communications Systems", Steven Furnell et al

  • Posted by Rob, grandpa of Ryan, Trevor, Devon & Han, Dec 15, 2008
      BKSCINCS.RVW 20081123

      "Securing Information and Communications Systems", Steven Furnell et
      al, 2008, 978-1-59693-228-9, U$109.00
      %A Steven Furnell www.cisnr.org info@...
      %A Sokratis Katsikas
      %A Javier Lopez
      %A Ahmed Patel
      %C 685 Canton St., Norwood, MA 02062
      %D 2008
      %G 978-1-59693-228-9 1-59693-228-7
      %I Artech House/Horizon
      %O U$109.00 617-769-9750 fax: 617-769-6334 artech@...
      %O http://www.amazon.com/exec/obidos/ASIN/1596932287/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1596932287/robsladesin03-20
      %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 362 p.
      %T "Securing Information and Communications Systems"

      The preface states that the book is based on an idea which arose from
      work directed towards a specific conference or course, but does not
      really specify what the idea, or the subject of the course, was.
      Chapter one, an introduction, notes the increasing importance of
      information security, and lists topics which seem to cover most of the
      field except for business continuity and physical security.

      Chapter two is a vague and disorganized overview of some generic
      concepts of security. Security management, in chapter three, is
      limited to an attempt to apply the PDCA (the Deming/Shewhart Plan-Do-
      Check-Act) model to process management, but the illustration material
      is unclear. (There is also a brief mention of business continuity
      planning.) A list of the standard means of authentication is given in
      chapter four. Some of the usual models of access control are
      catalogued in chapter five. (Although "authorization" is specifically
      mentioned in the chapter title, the text does not really address the
      issue. The figures purporting to explain the Bell-LaPadula and Biba
      models are pretty much incomprehensible.) Some threats and tools
      related to database security are noted in chapter six. Chapter seven
      outlines some of the basic concepts of cryptography, but in a fairly
      abstract fashion. Most of the material on network security, in
      chapter eight, is a listing of tools. Some content is misleading: a
      list of VPN (Virtual Private Network) protocols fails to note that
      none of those included have any provisions for encryption or
      authentication. Chapter nine fills some of the gaps in seven, by
      raising some factors involved in a hierarchical model of PKI (Public
      Key Infrastructure). A few aspects of tokens and smart cards are
      discussed in chapter ten. Random thoughts on privacy and privacy
      supporting technologies are in eleven. Chapter twelve looks, somewhat
      disjointedly, at various types of Web filtering, but the promised
      legal issues aren't really covered. Some functions of an
      investigation into a computer incident are reviewed in chapter
      thirteen. Chapter fourteen purports to propose a holistic approach to
      IT and communications security, but instead is a series of abstract
      and epistemological musings with little practical use. The formal
      requirements for a voting system are noted in chapter fifteen, but
      there is no actual system or any analysis of such. Chapter sixteen is
      ostensibly a serverless, peer-to-peer wiki system, but at heart is
      actually just a normal authentication system such as Kerberos: the
      problems noted at the beginning of the article are simply moved one
      stage back.

      As a general introduction to or outline of security the work does not
      have the scope and detail of "Computer Security: Principles and
      Practice" by William Stallings and Lawrie Brown (cf. BKCMSCPP.RVW), or
      any of a number of other general works. In terms of specific,
      detailed, or recent research, the "Information Security Management
      Handbook" (cf. BKINSCMH.RVW) has much greater depth and range.

      copyright Robert M. Slade, 2008 BKSCINCS.RVW 20081123

