The Virtual Bookcase Reviews of 'Intranet Security - Stories from the Trenches':
Reviewer Rob Slade wrote:
Data security is more than somewhat akin to the weather. Many people
talk a good line about how important it is to their company, but few
invest the time, money, vigour, and rigour to make it really
effective. There are some very good, practical, computer security
books on the market. Leaving aside the really bad ones, though, there
are also a great number of works that take a rather pompous academic
approach to the concepts only, leaving the actual details of real
dangers and protection as an exercise to the reader.
McCarthy takes a different tack. Each chapter in this book is an
authentic case study, with the names changed to protect the
unfortunate. While this means that the text can't be easily used as a
reference, with quick indexing of specific tasks, the content is
firmly based in the real world, and informed with the author's
insights into how people actually do react in an emergency. Techies
may be unhappy with the lack of technical details in the inquiries.
Too bad. Security is much more of a management issue than a technical
one, and the stories show that clearly. The result is, therefore,
much closer to "Digital Woes" or "Computer-Related Risks" than, say,
"Practical UNIX and Internet Security".
The book is also very readable. The chapters follow a format that
includes a fictional worst case scenario, then presents the incident
itself, gives a summary of the problems that led to the predicament,
and finally suggestions for avoiding the trouble. The text is almost
light, and loaded with personal entries both as observations of
company situations and lively trivia. (I, too, have a sister much
younger than I am.)
Each investigation is chosen with a view to emphasizing a particular
security problem or issue. Chapter one shows that without an incident
response procedure, and exception report communications, even
detection of attacks can fail to protect the enterprise. The danger
of shrink-wrapped, out-of-the-box solutions is demonstrated in chapter
two. As I noted at the beginning, data security gets a lot of lip
service, particularly from management. Chapter three reveals the
wrong way for executives to promote security--and also tells you how
to do it right. Security requires a cooperative effort, as chapter
four points out, and failure to specify areas of responsibility can
result in loopholes and vulnerabilities. Chapter five looks at
another area that gets more speeches than spending--training. Risk
assessment, and the risk of not assessing risks, is the theme of
chapter six. Where chapter four looks at the negligence in
determining roles with respect to security, chapter seven finds that
drawing the lines too finely can also result in gaps in coverage and
protection. Over the years I have railed against antivirus procedures
that are not effective because they are too draconian for people to
actually use if they want to get work done. Chapter eight discloses
the problem with unrealistic policies in any field of security. As
chapters four and seven point out the potential difficulties where
individual partners each leave security to the other, so chapter nine
demonstrates the same problem between companies doing business
together. Chapter ten points out the importance of encryption--the
backbone of all data security--in every area of corporate activity.
Finally, the techies can be happy with chapter eleven. It gives a
detailed log of a system penetration. I will forgive McCarthy her use
of the term "hacker" (she does mention the hacker/cracker controversy)
for someone bent on security breaking, since she so forcefully derides
the image of the invader as an "evil genius."
An appendix provides contact information for tools, products, incident
response teams, and security organizations. I was rather disappointed
to find that Internet references for a number of the tools do not
specify full location information, that relatively few security
organizations are listed, that the antiviral systems mentioned are not
of the top rank, and, most important of all, none of the international
emergency response teams are from Canada.
This book belongs on every security and management bookshelf. For the
non-specialist manager, it provides enough background to prompt the
right questions and concerns. For the head-down data security
specialist ... when was it you needed to make that pitch to the
executive committee?
copyright Robert M. Slade, 1997