[ISN] REVIEW: "Time based Security", Winn Schwartau (repost)

From: mea culpa (jerichoat_private)
Date: Sun Mar 07 1999 - 23:16:43 PST

    [moderator: sorry about that, hit send before finishing]
    
    0672313413.RVW   990305
    
    "Time Based Security", Winn Schwartau, 1998, 0-672-31341-3,
    U$49.99/C$70.95/UK#46.95
    %A   Schwartau, Winn
    %C   n/a
    %D   1999
    %E   n/a
    %G   0-9628700-4-8
    %I   Interpact Press
    %O   U$25.00/C$37.00 813.393.6600 http://www.infowar.com/tbs/
    %P   174 p.
    %T   "Time Based Security, Practical and Provable Methods to
          Protect Enterprise and Infrastructure, Networks and Nation"
    
    What is TBS (Time Based Security)? TBS is defined by the author as "a
    non-technical examination of the very foundation of the technical
    realities of the networked society. It is designed for a wide audience
    with varying skill sets, backgrounds and business needs." Unfortunately,
    the title's use of "practical and provable methods to protect enterprise
    and infrastructure, networks and nation" implies (to me) that the book
    will cover practical and applicable solutions to the problems pointed out.
    Rather than presenting solutions, the author gives a high-level diagnosis
    of the problem, as well as simple-to-use equations for determining how it
    affects your organization. 
    
    The first fourteen chapters (each chapter averages 4.5 pages) go into the
    description and foundation of TBS. Schwartau calls on well-grounded and
    practical examples to convey the importance of utilizing a security plan
    that utilizes TBS. From the foundation, simple equations are designed to
    contrast the importance of Protection, Detection, and Reaction (the key
    elements of TBS). 
    
    The next few chapters go into various security concepts and how they apply
    to a TBS model. Starting with 'Defense in Depth' (Chapter 17), Schwartau
    applies practical examples to his TBS equations and shows how to factor in
    elements such as multi-layered security. Unfortunately, these chapters
    (especially 'Sequential Time-Based Security' [Chapter 18]) are extremely
    short and lack the description needed to adequately convey their
    importance. 
    
    The remaining chapters cover a wider variety of topics and expand past the
    TBS model a bit more. Some of these topics are Reaction Channels, TBS
    Reaction Matrices & Empowerment, and Using TBS in Protection.
    
    Overview: While TBS presents a great overview of the concepts and effects
    of Time based Security, it does not present a grounded practical method
    for implementing these ideas into a working network. Technical people
    reading this book will no doubt question the book's claims of it being
    "your handbook for protecting intangible things of value that have no
    physical substance." Management and non-technical people, however, should
    definitely read this book. Schwartau cites easy-to-use examples and
    layman's terms to explain the risks your network suffers. 
    
    
    review by: Brian Martin <jerichoat_private>
    
    
    
    