[ISN] REVIEW: "Time based Security", Winn Schwartau (repost)

From: mea culpa (jerichoat_private)
Date: Sun Mar 07 1999 - 23:16:43 PST

Next message: mea culpa: "[ISN] Phil-Sec: Call for Papers: CQRE"

Previous message: mea culpa: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[moderator: sorry about that, hit send before finishing]

0672313413.RVW   990305

"Time Based Security", Winn Schwartau, 1998, 0-672-31341-3,
U$49.99/C$70.95/UK#46.95
%A   Schwartau, Winn
%C   n/a
%D   1999
%E   n/a
%G   0-9628700-4-8
%I   Interpact Press
%O   U$25.00/C$37.00 813.393.6600 http://www.infowar.com/tbs/
%P   174 p.
%T   "Time Based Security, Practical and Provable Methods to
      Protect Enterprise and Infrastructure, Networks and Nation"

What is TBS (Time Based Security)? TBS is defined by the author as "a
non-technical examination of the very foundation of the technical
realities of the networked society. It is designed for a wide audience
with varying skill sets, backgrounds and business needs." Unfortunately,
the title's use of "practical and provable methods to protect enterprise
and infrastructure, networks and nation" implies (to me) that the book
will cover practical and applicable solutions to the problems pointed out.
Rather than presenting solutions, the author gives a high level diagnosis
of the problem, as well as simple-to-use equations for determining how it
affects your organization. 

The first fourteen chapters (each chapter averages 4.5 pages) go into the
description and foundation of TBS. Schwartau calls on well grounded and
practical examples to convey the importance of utilizing a security plan
that utilizes TBS. From the foundation, simple equations are designed to
contrast the importance of Protection, Detection, and Reaction (the key
elements of TBS). 

The next few chapters go into various security concepts and how they apply
to a TBS model. Starting with 'Defense in Depth' (Chapter 17), Schwartau
applies practical examples to his TBS equations and shows how to factor in
elements such as multi layered security. Unfortunately, these chapters
(especially 'SequentialTime-Based Security' [Chapter 18]), are extremely
short and lack the description needed to adequately convey their
importance. 

The remaining chapters cover a wider variety of topics and expand past the
TBS model a bit more. Some of these topics are Reaction Channels, TBS
Reaction Matrices & Empowerment, and Using TBS in Protection.

Overview: While TBS presents a great overview of the concepts and effects
of Time based Security, it does not present a grounded practical method
for implementing these ideas into a working network. Technical people
reading this book will no doubt question the book's claims of it being
"your handbook for protecting intangible things of value that have no
physical substance." Management and non-technical people however, should
definitely read this book. Schwartau cites easy to use examples and
layman's terms to explain the risks your network suffers. 


review by: Brian Martin <jerichoat_private>




-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

Next message: mea culpa: "[ISN] Phil-Sec: Call for Papers: CQRE"
Previous message: mea culpa: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:24 PDT