Security Basics mailing list archives

RE: Book Review


From: "Brad Bemis" <Brad.Bemis () airborne com>
Date: Wed, 23 Jul 2003 08:22:30 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These are not meant to be books for reading or for learning how to develop
policies or apply personnel security programs.  They are built as a series
of objective statements and supporting commentary so that you as a policy
developer can sit down, figure out what areas of security your policy needs
to cover, and use the objective statements as the foundation for coverage. 
The book is very useful as an example tool, but I think that it also makes
it tempting for folks to simply build 'cut and paste' security policies
that have limited value in the applicable environment (policies must be
tailored to meet individual organizational needs, there is no 'one size
fits all').

The reason the books are so expensive?  It is like hiring a consultant in a
bottle...  You are actually getting good value for your money, but only if
you use the information in an appropriate manner.  

I purchased a copy of the ver9 policy book about 4 months ago (though I
already had versions 5 and 6 available to me).  The new version is broken
down into areas of coverage in-line with ISO 17799 and comes with a handy
CD so that you really and truly can just do a cut and paste (of those items
that are applicable) and modify them without too much effort.  

Again, this book is not meant to teach you how to write policy, it is to be
used for sampling.  If you want to learn about policy development, "Writing
Information Security Policies" by Scott Berman isn't too bad...  Though
personally, I have not found a policy book that impresses me yet.  

Hope that helps.  


Thank you for your time and attention,

========================
Brad Bemis
Information Security Services
Airborne Express
(206) 830-3478
========================

-----Original Message-----
From: John Smithson [mailto:why1234 () hotmail com]
Sent: Tuesday, July 22, 2003 2:22 PM
To: security-basics () securityfocus com
Subject: Book Review


Hello folks,

I would like to find a review of the book by Net IQ, "Information Security
Policies Made Easy, Version 9" (ISBN Numbers: 1-881585-09-3). The retail
cost of the book is $795 (yikes). Net IQ also has another book, "Information
Security Roles & Responsibilities Made Easy V1" (ISBN Numbers:
1-881585-08-5). The retail cost of the book is $495 (another yikes). Both
books can be found at:

http://www.netiq.com/order/category.asp?c=21&PagePath=/order/Publications.asp

I would like to find out some of your opinions on both of these books
before making any decision on purchasing. How would you rate these books?
How is the information provided by these books?

Thanks,





-----BEGIN PGP SIGNATURE-----

iQA/AwUBPx6oNpDnOfS48mrdEQJ9IACg1rFFYIf0gEXETqt+pC8/NRtoMWsAoM1y
mT1VCXALGmIz0ap9RLOAa77P
=leER
-----END PGP SIGNATURE-----


