REVIEW: "Information Security Risk Analysis", Thomas R. Peltier

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Jun 21, 2004.

  1. BKINSCRA.RVW 20040509

    "Information Security Risk Analysis", Thomas R. Peltier, 2001,
    0-8493-0880-1
    %A Thomas R. Peltier
    %C 920 Mercer Street, Windsor, ON N9A 7C2
    %D 2001
    %G 0-8493-0880-1
    %I Auerbach Publications
    %O +1-800-950-1216
    %O http://www.amazon.com/exec/obidos/ASIN/0849308801/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/0849308801/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/0849308801/robsladesin03-20
    %P 281 p.
    %T "Information Security Risk Analysis"

    Chapter one, supposedly discussing effective risk management, outlines
    a number of points important to the process, but in a rather scattered
    manner. Material seems to have been gathered from a variety of
    sources, but the gaps between those references and articles have not
    been filled. The information given is inconsistent in terms of
    significance: a list of natural threats lists "air pollution" (there
    is no corresponding "water pollution") and "earthquakes" as generic
    issues, but breaks weather conditions down into items as specific as
    "Alberta Clipper" and "lake effect snow" (as well as a very odd
    mention of "yellow snow," defined as snow coloured by pollen). Risk
    analysis methods are generally divided into quantitative and
    qualitative, so one would assume that chapter two, "Qualitative Risk
    Analysis," would present the concepts of this idea, leaving
    quantitative analysis for another section. Neither of those
    assumptions is true: chapter two lists three different methods that
    would probably be seen as qualitative, but does not analyse or compare
    them, and quantitative analysis is not reviewed in any specific part
    of the book. Chapter three, entitled "Value Analysis," is an
    extremely terse mention of the importance of calculating the value of
    assets. Five more qualitative procedures are listed in chapter four.
    Another such, the Facilitated Risk Analysis Process (FRAP), suitable
    for a quick risk review in a small department, is described in chapter
    five, along with some related, but incompletely described, forms and
    charts. "Other Uses of Qualitative Risk Analysis," in chapter six,
    enumerates a few other risk analysis factors, mostly to do with
    business impact analysis. Chapter seven is supposed to be a case
    study using FRAP, but consists of fifty pages of unexplained forms.
    The appendices contain various forms, again without commentary or
    exegesis, including a questionnaire that bears a strong resemblance to
    the US NIST (National Institute of Standards and Technology) security
    self-assessment form.

    The basics of risk analysis are here, but, aside from a padding of
    verbiage, there is not much else. A decent article on the subject,
    such as Ozier's in the "Information Security Management Handbook" (cf.
    BKINSCMH.RVW), covers every bit as much territory, and in a more
    concise manner.

    copyright Robert M. Slade, 2004 BKINSCRA.RVW 20040509

    --
    ======================

    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Security Educ.: [Base URL]comseced.htm
    Book reviews: [Base URL]mnbk.htm
    [Base URL]review.htm
    Partial/recent: http://groups.yahoo.com/group/techbooks/
    Security Educ.: http://groups.yahoo.com/group/comseced/
    Review mailing list: send mail to
    or
     