REVIEW: "Internet and Intranet Security Management", Lech Janczewski

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKIISMRS.RVW   20020825

"Internet and Intranet Security Management", Lech Janczewski, 2000,
1-878-28971-3, U$69.95
%E   Lech Janczewski
%C   1331 E. Chocolate Ave., Hershey, PA   17033-1117
%D   2000
%G   1-878-28971-3
%I   IRM Press/Idea Group
%O   U$69.95 800-345-432 fax: 717-533-8661 cust () idea-group com
%O  http://www.amazon.com/exec/obidos/ASIN/1878289713/robsladesinterne
%P   302 p.
%T   "Internet and Intranet Security Management: Risks and Solutions"

There is a heavy emphasis, in the preface, on the book's being up to
date.  Yet the very first article relies on survey data that was three
years old at the time the essay was written.

Part one supposedly talks about the state of the (security, one
assumes) art.  Chapter one is a vague and superficial look at random
topics and technology related to security, plus results of the
aforementioned opinion poll.  A list of Internet security problems,
and solutions that are not connected to the difficulties, make up
chapter two.

Part two deals with managing Internet security.  Chapter three has
terse descriptions of a number of theories of trust, related to some
generic security concepts.  There are brief overviews of the TCSEC
(Trusted Computer System Evaluation Criteria), Common Criteria, and
not-really-the-BS7799 in chapter four.  Out of thirty three pages in
chapter five, three discuss the general subject of Web security, while
there is almost nothing on the titular topic of management of Web
security.

Part three reviews cryptographic and technical security standards. 
(There are a great many grammatical errors, and the authors use
almost-but-not-quite standard terminology.)  Chapter six is an
opinionated piece, but does touch on some basic cryptographic ideas. 
Myths and limitations of cryptography are listed in chapter seven. 
Chapter eight has descriptions, that are both overly technical and
incomplete, of ISO cryptographic standards.

Part four talks about law and security.  Chapter nine discusses
privacy, but only in regard to employer monitoring of employee email. 
The weaknesses of the New Zealand privacy law are commented on in
chapter ten.

It is difficult to say that any audience would benefit from this vague
collection of unfocused ideas.

copyright Robert M. Slade, 2002   BKIISMRS.RVW   20020825

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.