The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first. | |
 |
Home Recent reviews Collected book news Welcome to this site Add your own book |
Book details of 'Securing Business Information: Strategies to Protect the Enterprise and Its Network'
| Title | Securing Business Information: Strategies to Protect the Enterprise and Its Network |
| Author(s) | Chrisitan F. Byrnes, Dale Kutnick |
| ISBN | 020176735X |
| Language | English |
| Published | January 2002 |
| Publisher | Addison-Wesley Pub Co |
Back to shelf Computer security
Amazon.com info for Securing Business Information: Strategies to Protect the Enterprise and Its Network
Score:
Vote for this bookThe Virtual Bookcase Reviews of 'Securing Business Information: Strategies to Protect the Enterprise and Its Network':
Reviewer Rob Slade wrote:The preface addresses how to keep data secure in a distributed environment. Chapter one tells us that the first thing to do is prepare the organization for changes, then that the first thing to do is to write a policy, then that the first thing to do is get a strong base of support among the executives, then that the first thing to do is market the idea to executives and users, then that the first thing to do is to build an effective organizational structure. The material meanders through a kind of utopian view of what a mission statement and organization chart should be before settling into a promotion of political and marketing campaign strategies to sell security to the executives. The asset identification portion of risk analysis is covered in chapter two. A multi-dimensional and not-quite-orthogonal set of domains for classifying resources is overly complex, but may help you to identify holdings that are generally unregarded. At first chapter three seems to be proceeding with risk analysis, but then it veers into policies (if you consider benchmarks equivalent to policies). Similarly, chapter four seems to start out with risk analysis, and then moves to safeguards, and then moves into business impact analysis. Risk analysis *finally* gets a (somewhat incomplete) explanation in chapter five, which then moves on to cost/benefit analysis, then cultural (political) considerations. Chapter six suggests that you rank, select, and market the necessary projects identified by the analysis. Small companies may wish to shorten the process by doing the above four times over, states chapter seven. Chapter eight recommends having a strategy for changing technology. A grab bag of security technologies is in chapter nine, which is particularly poor in regard to viruses. Chapter ten provides two fictional "case studies," and eleven lists the followup projects from them. Role-based access control is promoted in chapter twelve, while chapter thirteen does the same for "single sign-on." "Pitiful" is the only word that can be used to describe the bibliography. Yet another book that attempts to provide a quick review of all of security--and fails. copyright Robert M. Slade, 2002
Add my review for Securing Business Information: Strategies to Protect the Enterprise and Its Network