(no subject)

From: mea culpa (jerichoat_private)
Date: Sun Mar 07 1999 - 22:09:26 PST

  • Next message: mea culpa: "[ISN] REVIEW: "Time based Security", Winn Schwartau (repost)"

    0962870048.RVW   990214
    "Time Based Security", Winn Schwartau, 1998, 0-672-31341-3,
    %A   Schwartau, Winn
    %C   n/a
    %D   1999
    %E   n/a
    %G   0-9628700-4-8
    %I   Interpact Press
    %O   U$25.00/C$37.00 813.393.6600 http://www.infowar.com/tbs/
    %P   174 p.
    %T   "Time Based Security, Practical and Provable Methods to
          Protect Enterprise and Infrastructure, Networks and Nation"
    What is TBS (Time Based Security)? TBS is defined by the author as "a 
    non-technical examination of the very foundation of the technical realities 
    of the networked society. It is designed for a wide audience with varying 
    skill sets, backgrounds and business needs." Unfortunately, the title's use
    of "practical and provable methods to protect enterprise and infrastructure, 
    networks and nation" implies (to me) that the book will cover practical and applicable 
    solutions to the problems pointed out. Rather than presenting solutions,
    the author gives a high level diagnosis of the problem, as well as simple-to-use
    equations for determining how it affects your organization.
    The first fourteen chapters (each chapter averages 4.5 pages) go into
    the description and foundation of TBS. Schwartau calls on well grounded and
    practical examples to convey the importance of utilizing a security plan
    that utilizes TBS. From the foundation, simple equations are designed to
    contrast the importance of Protection, Detection, and Reaction (the key elements
    of TBS).
    The next few chapters go into various security concepts and how they
    apply to a TBS model. Starting with 'Defense in Depth' (Chapter 17), Schwartau
    applies practical examples to his TBS equations and shows how to factor in
    elements such as multi layered security. Unfortunately, these chapters (especially
    'SequentialTime-Based Security' [Chapter 18]), are extremely short and lack
    the description needed to adequately convey their importance.
    The remaining chapters cover a wider variety of topics and expand past the
    TBS model a bit more. Some of these topics are Reaction Channels, TBS Reaction 
    Matrices & Empowerment, and Using TBS in Protection. 
    Overview: While TBS presents a great overview of the concepts and effects of
    Time based Security, it does not present a grounded practical method for implementing
    these ideas into a working network. Technical people reading this book will
    no doubt question the book's claims of it being "your handbook for protecting 
    intangible things of value that have no physical substance." Management and 
    non-technical people however, should definitely read this book. Schwartau cites
    easy to use examples and layman's terms to explain the risks your network suffers.
    review by: Brian Martin <jerichoat_private>
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:23 PDT