REVIEW: "The Secured Enterprise", Paul E. Proctor/F. Christian Byrnes

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Sep 1, 2004.

  1. BKSEPYIA.RVW 20040719

    "The Secured Enterprise", Paul E. Proctor/F. Christian Byrnes, 2002,
    0-13-061906-X, U$34.99/C$54.99
    %A Paul E. Proctor
    %A F. Christian Byrnes
    %C One Lake St., Upper Saddle River, NJ 07458
    %D 2002
    %G 0-13-061906-X
    %I Prentice Hall
    %O U$34.99/C$54.99 +1-201-236-7139 fax: +1-201-236-7131
    %O http://www.amazon.com/exec/obidos/ASIN/013061906X/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/013061906X/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/013061906X/robsladesin03-20
    %P 304 p.
    %T "The Secured Enterprise: Protecting Your Information Assets"

    The introduction states that the book is aimed at business
    professionals, but that security professionals may also find it useful
    as a reference.

    Part one is an introduction to security. So is chapter one, which
    extends the traditional CIA (Confidentiality, Integrity, Availability)
    security triad to include non-repudiation. (Most security analysts
    would see that function as a special case of integrity.) This muddled
    thinking is echoed by the muddled structure of the chapter, which
    touches tersely on roles and policies, and contains an extremely
    incomplete list of security technologies. Miscellaneous threats are
    mentioned in chapter two. Policies are revisited in chapter three,
    although the discussion is not clear in regard to high level policy
    formation, and more applicable to access privilege or procedures.
    Chapter four deals specifically with access control, but in a
    disorganized and incomplete fashion.

    Part two deals with security technologies. Chapter five is an
    incomplete definition and description of firewalls (stateful and
    circuit proxy types are never mentioned). An incomplete description
    of vulnerability scanners is given in chapter six. An incomplete and
    very dated discussion of viruses and protection makes up chapter
    seven. (Various implementations of scanning are noted, but there is
    no reference to activity monitors or change detection). The limited
    review of intrusion detection, in chapter eight, has a rather
    misleading explanation of sensor topology, and no clear explanation at
    all of engine types. Chapter nine has a simplistic outline of
    asymmetric cryptography and public key infrastructure (and a very odd
    example of the key management problem). Chapter ten has lots of
    verbiage about virtual private networks. A strange conflation of
    mobile communication and wireless LAN topics is in chapter eleven.
    Chapter twelve seems to both recommend and disparage single sign-on.
    A promotional piece for digital signature technology is in chapter
    thirteen.

    Part three discusses implementation. Chapter fourteen outlines the
    setting up of a security program, but only if you know what should go
    into the various pieces already. Security assessment, in chapter
    fifteen, is limited to different types of penetration or vulnerability
    testing, with a ludicrously short description of risk assessment.
    There is a simplistic overview of incident response and business
    continuity planning in chapter seventeen. Random bits of Web and
    Internet security are listed in eighteen.

    Given the scattered nature of the entire work, it is curious that part
    four is entitled "Odds and Ends." Miscellaneous legal issues are
    raised in chapter nineteen. Chapter twenty is supposed to help you
    with "Putting It All Together," but just contains editorial advice.

    OK, is it good for non-security businesspeople? Maybe, if they really
    know extremely little about security, and don't need to manage the
    security function. They will at least obtain some familiarity with
    the terms that might be used, although it could be a case of a little
    knowledge being a dangerous thing. As for security professionals: get
    some decent references.

    copyright Robert M. Slade, 2004 BKSEPYIA.RVW 20040719

    --
    ======================

    ============= for back issues:
    Upcoming CISSP courses (call 800-868-4858) - Vancouver, BC, Sept. 13-17
    [Base URL] site http://victoria.tc.ca/techrev/
    or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to
    or
     