Re: REVIEW: "Mission Critical Security Planner", Eric Greenberg

From: Eric Greenberg (eric_at_netframeworks.com)
Date: 06/16/03

    Date: 16 Jun 2003 06:34:27 -0700
    
    

    My book titled Mission Critical Security Planner (Wiley, 2003), which
    Slade has critiqued here, survived full scrutiny and review on
    slashdot.org, a tough group of folks

    http://books.slashdot.org/article.pl?sid=03/02/13/1515257

    and has been reviewed by many reviewers, all of whom have offered
    nothing but praise. I encourage you to see the other reviews on
    Amazon.com and elsewhere on the Internet.

    http://www.amazon.com/exec/obidos/ASIN/0471211656

    You might also visit the Mission Critical Security Planner companion
    web site, where you can download a free electronic copy of Chapter 1
    and the free worksheets used in the book, at

    http://www.CriticalSecurity.com

    Judge my commitment to this book, supporting the readers, and security
    planning in general, by that material and the website.

    I'd ask people reading Slade's reviews to look at the one book he put
    his name on (as a co-author with others), "Viruses Revealed" (McGraw-Hill,
    2001). You can buy this relatively recent book used for $1.28
    at Amazon and find out for yourself (list price on the book is
    $39.99). The reviews of his book can be found at

    http://www.amazon.com/exec/obidos/ASIN/0072130903

    I encourage you to buy his book used and judge for yourself.

    Regards,
    Eric Greenberg
    Author, Mission Critical Security Planner
    http://www.amazon.com/exec/obidos/ASIN/0471211656
    http://www.CriticalSecurity.com

    rslade@sprint.ca (Rob Slade, doting grandpa of Ryan and Trevor) wrote in message news:<JO5Da.4577$Q%6.38848@newscontent-01.sprint.ca>...
    > BKMSCRSP.RVW 20030330
    >
    > "Mission Critical Security Planner", Eric Greenberg, 2003,
    > 0-471-21165-6, U$35.00/C$54.95/UK#25.95
    > %A Eric Greenberg
    > %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
    > %D 2003
    > %G 0-471-21165-6
    > %I John Wiley & Sons, Inc.
    > %O U$35.00/C$54.95/UK#25.95 416-236-4433 fax: 416-236-4448
    > %O http://www.amazon.com/exec/obidos/ASIN/0471211656/robsladesinterne
    > http://www.amazon.co.uk/exec/obidos/ASIN/0471211656/robsladesinte-21
    > %O http://www.amazon.ca/exec/obidos/ASIN/0471211656/robsladesin03-20
    > %P 416 p.
    > %T "Mission Critical Security Planner"
    >
    > In the introduction, Greenberg claims that his book provides guidance
    > on how to do quantitative security planning without calculations
    > (which sounds somewhat self-contradictory) using a new technique he
    > calls impact analysis (which doesn't sound too different from business
    > impact analysis). A technical background is said to be unnecessary,
    > the process is worksheet based, and the target audience is security
    > managers.
    >
    > Chapter one says that protecting information is not exact (a statement
    > that doesn't seem to fit well with the worksheet approach). Random
    > security topics include planning, intruders, and a risk analysis
    > example which is, ironically in view of the introduction, more
    > computationally intensive than most. An overview of planning, in
    > chapter two, majors on the minors. Policies are not discussed until
    > twenty five pages into the material, and then the emphasis is on very
    > specific areas like exit (termination of employment) procedures,
    > leaving huge topics uncovered. Twenty eight security elements are
    > listed, and all are important, but almost all are either over-vague or
    > over-specific.
    >
    > Chapters three and four introduce the worksheets themselves. Sixteen
    > topic areas have four sheets each, dealing with the technical,
    > lifecycle, business, and "selling to management" aspects of the
    > themes, while other domains may have only a single sheet. The
    > questions listed may be helpful as reminders to address certain
    > aspects which are often overlooked, but the odd and arbitrary
    > structure is confusing, and the real work is definitely left as an
    > exercise to the reader.
    >
    > A description and analysis of PKI (Public Key Infrastructure), in
    > chapter five, is vague and weak, and contains much unrelated material.
    > Chapter six is a recap of the book, along with a simple list of
    > threats.
    >
    > While the advice in the book is not wrong or misleading, and many
    > important and useful points are buried throughout, poor organization,
    > a lack of consistent depth, and gaps in topical coverage ensure that
    > the text would only poorly repay the investment of time spent studying
    > it. Certainly it should not be used as a major guide to structure the
    > security planning process.
    >
    > copyright Robert M. Slade, 2003 BKMSCRSP.RVW 20030330
    >
    > --
    > ======================
    > rslade@sprint.ca rslade@vcn.bc.ca slade@victoria.tc.ca p1@canada.com
    > "If you do buy a computer, don't turn it on." - Richards' 2nd Law
    > ============= for back issues:
    > [Base URL] site http://victoria.tc.ca/techrev/
    > or mirror http://sun.soci.niu.edu/~rslade/
    > CISSP refs: [Base URL]mnbksccd.htm
    > Security Dict.: [Base URL]secgloss.htm
    > Security Educ.: [Base URL]comseced.htm
    > Book reviews: [Base URL]mnbk.htm
    > [Base URL]review.htm
    > Partial/recent: http://groups.yahoo.com/group/techbooks/
    > Security Educ.: http://groups.yahoo.com/group/comseced/
    > Review mailing list: send mail to techbooks-subscribe@egroups.com
