[ISN] REVIEW: "Internet and Intranet Security Management", Lech Janczewski

From: InfoSec News (isnat_private)
Date: Thu Jan 09 2003 - 22:44:13 PST

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    BKIISMRS.RVW   20020825
    "Internet and Intranet Security Management", Lech Janczewski, 2000,
    1-878-28971-3, U$69.95
    %E   Lech Janczewski
    %C   1331 E. Chocolate Ave., Hershey, PA   17033-1117
    %D   2000
    %G   1-878-28971-3
    %I   IRM Press/Idea Group
    %O   U$69.95 800-345-432 fax: 717-533-8661 cust@idea-group.com
    %O  http://www.amazon.com/exec/obidos/ASIN/1878289713/robsladesinterne
    %P   302 p.
    %T   "Internet and Intranet Security Management: Risks and Solutions"

    There is a heavy emphasis, in the preface, on the book's being up to
    date.  Yet the very first article relies on survey data that was three
    years old at the time the essay was written.

    Part one supposedly talks about the state of the (security, one
    assumes) art.  Chapter one is a vague and superficial look at random
    topics and technology related to security, plus results of the
    aforementioned opinion poll.  A list of Internet security problems,
    and solutions that are not connected to the difficulties, make up
    chapter two.

    Part two deals with managing Internet security.  Chapter three has
    terse descriptions of a number of theories of trust, related to some
    generic security concepts.  There are brief overviews of the TCSEC
    (Trusted Computer System Evaluation Criteria), Common Criteria, and
    not-really-the-BS7799 in chapter four.  Out of thirty three pages in
    chapter five, three discuss the general subject of Web security, while
    there is almost nothing on the titular topic of management of Web

    Part three reviews cryptographic and technical security standards.
    (There are a great many grammatical errors, and the authors use
    almost-but-not-quite standard terminology.)  Chapter six is an
    opinionated piece, but does touch on some basic cryptographic ideas.
    Myths and limitations of cryptography are listed in chapter seven.
    Chapter eight has descriptions, that are both overly technical and
    incomplete, of ISO cryptographic standards.

    Part four talks about law and security.  Chapter nine discusses
    privacy, but only in regard to employer monitoring of employee email.
    The weaknesses of the New Zealand privacy law are commented on in
    chapter ten.

    It is difficult to say that any audience would benefit from this vague
    collection of unfocused ideas.

    copyright Robert M. Slade, 2002   BKIISMRS.RVW   20020825
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/