REVIEW: "Securing Information and Communications Systems", Steven Furnell et al

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Dec 16, 2008.

  1. BKSCINCS.RVW 20081123

    "Securing Information and Communications Systems", Steven Furnell et
    al, 2008, 978-1-59693-228-9, U$109.00
    %A Steven Furnell
    %A Sokratis Katsikas
    %A Javier Lopez
    %A Ahmed Patel
    %C 685 Canton St., Norwood, MA 02062
    %D 2008
    %G 978-1-59693-228-9 1-59693-228-7
    %I Artech House/Horizon
    %O U$109.00 617-769-9750 fax: 617-769-6334
    %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
    %P 362 p.
    %T "Securing Information and Communications Systems"

    The preface states that the book is based on an idea which arose from
    work directed towards a specific conference or course, but does not
    really specify what the idea, or the subject of the course, was.
    Chapter one, an introduction, notes the increasing importance of
    information security, and lists topics which seem to cover most of the
    field except for business continuity and physical security.

    Chapter two is a vague and disorganized overview of some generic
    concepts of security. Security management, in chapter three, is
    limited to an attempt to apply the PDCA (the Deming/Shewart Plan-Do-
    Check-Act) model to process management, but the illustration material
    is unclear. (There is also a brief mention of business continuity
    planning.) A list of the standard means of authentication is given in
    chapter four. Some of the usual models of access control are
    catalogued in chapter five. (Although "authorization" is specifically
    mentioned in the chapter title, the text does not really address the
    issue. The figures purporting to explain the Bell-LaPadula and Biba
    models are pretty much incomprehensible.) Some threats and tools
    related to database security are noted in chapter six. Chapter seven
    outlines some of the basic concepts of cryptography, but in a fairly
    abstract fashion. Most of the material on network security, in
    chapter eight, is a listing of tools. Some content is misleading: a
    list of VPN (Virtual Private Network) protocols fails to note that
    none of those included have any provisions for encryption or
    authentication. Chapter nine fills some of the gaps in seven, by
    raising some factors involved in a hierarchical model of PKI (Public
    Key Infrastructure). A few aspects of tokens and smart cards are
    discussed in chapter ten. Random thoughts on privacy and privacy
    supporting technologies are in eleven. Chapter twelve looks, somewhat
    disjointedly, at various types of Web filtering, but the promised
    legal issues aren't really covered. Some functions of an
    investigation into a computer incident are reviewed in chapter
    thirteen. Chapter fourteen purports to propose a holistic approach to
    IT and communications security, but instead is a series of abstract
    and epistemological musings with little practical use. The formal
    requirements for a voting system are noted in chapter fifteen, but
    there is no actual system or any analysis of such. Chapter sixteen is
    ostensibly a serverless, peer-to-peer wiki system, but at heart is
    actually just a normal authentication system such as Kerberos: the
    problems noted at the beginning of the article are simply moved one
    stage back.

    As a general introduction to or outline of security the work does not
    have the scope and detail of "Computer Security: Principles and
    Practice" by William Stallings and Lawrie Brown (cf. BKCMSCPP.RVW), or
    any of a number of other general works. In terms of specific,
    detailed, or recent research, the "Information Security Management
    Handbook" (cf. BKINSCMH.RVW) has much greater depth and range.

    copyright Robert M. Slade, 2008 BKSCINCS.RVW 20081123


    "Dictionary of Information Security," Syngress 1597491152
    ============= for back issues:
    [Base URL] site
    CISSP refs: [Base URL]mnbksccd.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to
    Rob Slade, doting grandpa of Ryan and Trevor, Dec 16, 2008
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. m1k30rz

    Steven Brehm

    m1k30rz, Jun 21, 2005, in forum: Case Modding
    Jun 27, 2005
  2. =?Utf-8?B?TW9oYW1lZCBUYWhlcg==?=

    Thank you Steven L Umbach

    =?Utf-8?B?TW9oYW1lZCBUYWhlcg==?=, Jan 7, 2005, in forum: MCSE
    Jan 7, 2005
  3. Jojo H

    Ok, so I got the Minolta G500 - Thanks Steven!

    Jojo H, Nov 8, 2003, in forum: Digital Photography
    Jojo H
    Nov 8, 2003
  4. FUCKO


    FUCKO, Feb 16, 2004, in forum: Digital Photography
    Feb 16, 2004
  5. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "High Tech Crimes Revealed", Steven Branigan

    Rob Slade, doting grandpa of Ryan and Trevor, Dec 29, 2004, in forum: Computer Security