REVIEW: "Enterprise Information Systems Assurance and System Security", Merrill Warkentin/Rayford Va

Discussion in 'Computer Security' started by Robert Michael Slade, May 23, 2008.

  1. BKEISASS.RVW 20080207

    "Enterprise Information Systems Assurance and System Security",
    Merrill Warkentin/Rayford Vaughn, 2006, 1-59140-912-8, U$74.95
    %E Merrill Warkentin
    %E Rayford Vaughn
    %C Suite 200 701 E. Chocolate Ave., Hershey, PA 17033-1117
    %D 2006
    %G 1-59140-912-8
    %I IRM Press/Idea Group/IGI Global
    %O U$74.95 800-345-432 717-533-8845
    %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
    %P 406 p.
    %T "Enterprise Information Systems Assurance and System Security"

    This book is a collection of papers on various topics in information
    security, divided into five subject areas. There are a number of
    similar works, such as the highly regarded Information Security
    Management Handbook (cf. BKINSCMH.RVW), and the somewhat lower quality
    "Computer Security Handbook" (cf. BKCMSCHB.RVW).

    The first section of the work is supposedly devoted to security policy
    and management. Three of the papers are unstructured (and
    surprisingly terse) collections of thoughts on various themes related
    to security management (and some stories of work experiences retailed
    as "case studies"): one examines malware protection and basically
    suggests that you have virus scanning on the desktop, server, and
    network gateway. "Security Implications for Business" doesn't sound
    like it would be easy to define, other than saying risks are bad, so
    the fact that much of the material in the second section is similarly
    vague and disorganized is no surprise. What is startling is that we
    get some actual details on documents related to the Sarbanes-Oxley
    legislation, a review of Web commerce threats, and the recommendation
    to use decentralization as a measure to build business continuity.
    Security engineering should be more definitive, so the generic nature
    of four of the five papers in section three is more disappointing.
    The paper on securing wireless networks isn't great, but it is, at
    least, useful. Part four takes brief looks at intrusion detection
    technologies, honeynets, an even worse than usual view of
    steganography, some aspects of database security, and digital
    forensics. Of the three papers in the final section, only one
    contains a decent overview of the topic of authentication.

    Most of the material in this book is vague, generic, undetailed, and
    of very questionable value. In addition to those mentioned above,
    Anderson's "Security Engineering" (cf. BKSECENG.RVW), Stallings'
    "Computer Security: Principles and Practice" (cf. BKCMSCPP.RVW), and
    Stamp's "Information Security: Principles and Practice" (cf.
    BKINSCPP.RVW) all provide more complete, detailed, accurate, and
    useful coverage of security management and assurance.

    copyright Robert M. Slade, 2008 BKEISASS.RVW 20080207


    Find virus, book info
    Review mailing list: send mail to
    "Robert Slade's Guide to Computer Viruses" 0-387-94663-2
    "Viruses Revealed" 0-07-213090-3
    "Software Forensics" 0-07-142804-6