Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > REVIEW: "Enterprise Information Systems Assurance and System Security", Merrill Warkentin/Rayford Vaughn

Thread Tools

REVIEW: "Enterprise Information Systems Assurance and System Security", Merrill Warkentin/Rayford Vaughn

Robert Michael Slade
Posts: n/a

"Enterprise Information Systems Assurance and System Security",
Merrill Warkentin/Rayford Vaughn, 2006, 1-59140-912-8, U$74.95
%E Merrill Warkentin Removed)
%E Rayford Vaughn
%C Suite 200 701 E. Chocolate Ave., Hershey, PA 17033-1117
%D 2006
%G 1-59140-912-8
%I IRM Press/Idea Group/IGI Global
%O U$74.95 800-345-432 717-533-8845 (E-Mail Removed)
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 406 p.
%T "Enterprise Information Systems Assurance and System Security"

This book is a collection of papers on various topics in information
security, divided into five subject areas. There are a number of
similar works, such as the highly regarded Information Security
Management Handbook (cf. BKINSCMH.RVW), and the somewhat lower quality
"Computer Security Handbook" (cf. BKCMSCHB.RVW)

The first section of the work is supposedly devoted to security policy
and management. Three of the papers are unstructured (and
surprisingly terse) collections of thoughts on various themes related
to security management (and some stories of work experiences retailed
as "case studies"): one examines malware protection and basically
suggests that you have virus scanning on the desktop, server, and
network gateway. "Security Implications for Business" doesn't sound
like it would be easy to define, other than saying risks are bad, so
the fact that much of the material in the second section is similarly
vague and disorganized is no surprise. What is startling is that we
get some actual details on documents related to the Sarbanes-Oxley
legislation, a review of Web commerce threats, and the recommendation
to use decentralization as a measure to build business continuity.
Security engineering should be more definitive, so the generic nature
of four of the five papers in section three is more disappointing.
The paper on securing wireless networks isn't great, but it is, at
least, useful. Part four takes brief looks at intrusion detection
technologies, honeynets, an even worse than usual view of
steganography, some aspects of database security, and digital
forensics. Of the three papers in the final section, only one
contains a decent overview of the topic of authentication.

Most of the material in this book is vague, generic, undetailed, and
of very questionable value. In addition to those mentioned above,
Anderson's "Security Engineering" (cf. BKSECENG.RVW), Stallings'
"Computer Security: Principles and Practice" (cf. BKCMSCPP.RVW), and
Stamp's "Information Security: Principles and Practice" (cf.
BKINSCPP.RVW) all provide more complete, detailed, accurate, and
useful coverage of security management and assurance.

copyright Robert M. Slade, 2008 BKEISASS.RVW 20080207

(E-Mail Removed) (E-Mail Removed) (E-Mail Removed)
Find virus, book info
Review mailing list: send mail to (E-Mail Removed)
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Maybe C is the perfect language for really good systems programmers, but unfortunately not-so-good systems and applications programmers are using it and they shouldn’t be. Casey Hawthorne C Programming 18 11-06-2009 05:05 AM
New FISMA Information Assurance Tool - xbasics Ulinzi Computer Security 17 06-24-2008 06:18 PM
Voip PBX,Private Phone Systems,PBX Telephone Systems, Business Phone Systems UK VOIP 9 07-24-2006 03:44 PM
CFP: Artificial Intelligence in Information Assurance and Security Ranadhir ghosh Computer Security 0 04-06-2006 12:43 PM
Merrill Lynch swaps out Cisco VoIP gear for Avaya???? Patrick Lam Cisco 0 07-29-2003 06:13 AM