Velocity Reviews - Computer Hardware Reviews

REVIEW: "Information Security Risk Analysis", Thomas R. Peltier

 
 
Rob Slade, doting grandpa of Ryan and Trevor
      06-21-2004
BKINSCRA.RVW 20040509

"Information Security Risk Analysis", Thomas R. Peltier, 2001,
0-8493-0880-1
%A Thomas R. Peltier
%C 920 Mercer Street, Windsor, ON N9A 7C2
%D 2001
%G 0-8493-0880-1
%I Auerbach Publications
%O +1-800-950-1216 (E-Mail Removed)
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 281 p.
%T "Information Security Risk Analysis"

Chapter one, supposedly discussing effective risk management, outlines
a number of points important to the process, but in a rather scattered
manner. Material seems to have been gathered from a variety of
sources, but the gaps between those references and articles have not
been filled. The information given is inconsistent in terms of
significance: a list of natural threats lists "air pollution" (there
is no corresponding "water pollution") and "earthquakes" as generic
issues, but breaks weather conditions down into items as specific as
"Alberta Clipper" and "lake effect snow" (as well as a very odd
mention of "yellow snow," defined as snow coloured by pollen). Risk
analysis methods are generally divided into quantitative and
qualitative, so one would assume that chapter two, "Qualitative Risk
Analysis," would present the concepts of this idea, leaving
quantitative analysis for another section. Neither of those
assumptions is true: chapter two lists three different methods that
would probably be seen as qualitative, but does not analyse or compare
them, and quantitative analysis is not reviewed in any specific part
of the book. Chapter three, entitled "Value Analysis," is an
extremely terse mention of the importance of calculating the value of
assets. Five more qualitative procedures are listed in chapter four.
Another such, the Facilitated Risk Analysis Process (FRAP), suitable
for a quick risk review in a small department, is described in chapter
five, along with some related, but incompletely described, forms and
charts. "Other Uses of Qualitative Risk Analysis," in chapter six,
enumerates a few other risk analysis factors, mostly to do with
business impact analysis. Chapter seven is supposed to be a case
study using FRAP, but consists of fifty pages of unexplained forms.
The appendices contain various forms, again without commentary or
exegesis, including a questionnaire that bears a strong resemblance to
the US NIST (National Institute of Standards and Technology) security
self-assessment form.

The basics of risk analysis are here, but, aside from a padding of
verbiage, there is not much else. A decent article on the subject,
such as Ozier's in the "Information Security Management Handbook" (cf.
BKINSCMH.RVW), covers every bit as much territory, and in a more
concise manner.

copyright Robert M. Slade, 2004 BKINSCRA.RVW 20040509

--
======================
(E-Mail Removed) (E-Mail Removed) (E-Mail Removed)
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to (E-Mail Removed)
or (E-Mail Removed)

 