Re: REVIEW: "Mission Critical Security Planner", Eric Greenberg

From: Spectre (nothing_at_all.calm)
Date: 06/17/03


Date: Tue, 17 Jun 2003 07:17:29 GMT

On 16 Jun 2003 06:34:27 -0700, eric@netframeworks.com (Eric Greenberg)
commented:

>My book titled Mission Critical Security Planner (Wiley, 2003), which
>Slade has critiqued here, survived full scrutiny and review on
>slashdot.org, a tough group of folks
>
>http://books.slashdot.org/article.pl?sid=03/02/13/1515257
>
>and has been reviewed by many reviewers, all of which have offered
>nothing but praise.

Aw, poor baby.... your little missive got trashed because it is full
of shit and you can't stand the heat.... awwww....

If you can't play with the big kids, go home....

> I encourage you to see the other reviews on
>Amazon.com and elsewhere on the Internet.
>
>http://www.amazon.com/exec/obidos/ASIN/0471211656

Sounds more like you can't take real criticism of your work. Having
looked at the crap you spout on the web site, I'd have to agree with
Rob Slade.

>You might also visit the Mission Critical Security Planner companion
>web site, where you can download a free electronic copy of the Chapter
>1 and the free worksheets used in the book, at
>
>http://www.CriticalSecurity.com

Well, when you put fancy new names to old techniques, what do you
expect? Praise? Most of what you are spouting is crap... you don't
have a clue about risk analysis and there are far better missives than
yours out there....

>Judge my commitment to this book, supporting the readers, and security
>planning in general, by that material and the website.

Commitment means squat -- it doesn't translate into ability or
knowledge. As evidenced by your efforts.

>I'd ask people reading Slade's reviews to look at the one book he put
>his name on (as a co-author with others) "Viruses Revealed" (McGraw-
>Hill, 2001).

Sounds like sour grapes on your part, pal. Your only defense of a
critique of your book is to make comments like this? And incorrect
ones at that?

You are rather ill informed about how many books have Rob Slade's name
on them as author or co-author --- I venture he's written more books
than you've read in your lifetime.

> You can buy this relatively recent book used for $1.28
>at Amazon and find out for yourself (list price on the book is
>$39.99). The reviews of his book can be found at
>
>http://www.amazon.com/exec/obidos/ASIN/0072130903
>
>I encourage you to buy his book used and judge for yourself.

Great defense of the quality of your book -- mis-direct people's
attention from the real issues...

>
>Regards,
>Eric Greenberg
>Author, Mission Critical Security Planner
>http://www.amazon.com/exec/obidos/ASIN/0471211656
>http://www.CriticalSecurity.com
>
>
>
>
>
>rslade@sprint.ca (Rob Slade, doting grandpa of Ryan and Trevor) wrote in message news:<JO5Da.4577$Q%6.38848@newscontent-01.sprint.ca>...
>> BKMSCRSP.RVW 20030330
>>
>> "Mission Critical Security Planner", Eric Greenberg, 2003,
>> 0-471-21165-6, U$35.00/C$54.95/UK#25.95
>> %A Eric Greenberg
>> %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
>> %D 2003
>> %G 0-471-21165-6
>> %I John Wiley & Sons, Inc.
>> %O U$35.00/C$54.95/UK#25.95 416-236-4433 fax: 416-236-4448
>> %O http://www.amazon.com/exec/obidos/ASIN/0471211656/robsladesinterne
>> http://www.amazon.co.uk/exec/obidos/ASIN/0471211656/robsladesinte-21
>> %O http://www.amazon.ca/exec/obidos/ASIN/0471211656/robsladesin03-20
>> %P 416 p.
>> %T "Mission Critical Security Planner"
>>
>> In the introduction, Greenberg claims that his book provides guidance
>> on how to do quantitative security planning without calculations
>> (which sounds somewhat self-contradictory) using a new technique he
>> calls impact analysis (which doesn't sound too different from business
>> impact analysis). A technical background is said to be unnecessary,
>> the process is worksheet based, and the target audience is security
>> managers.
>>
>> Chapter one says that protecting information is not exact (a statement
>> that doesn't seem to fit well with the worksheet approach). Random
>> security topics include planning, intruders, and a risk analysis
>> example which is, ironically in view of the introduction, more
>> computationally intensive than most. An overview of planning, in
>> chapter two, majors on the minors. Policies are not discussed until
>> twenty five pages into the material, and then the emphasis is on very
>> specific areas like exit (termination of employment) procedures,
>> leaving huge topics uncovered. Twenty eight security elements are
>> listed, and all are important, but almost all are either over-vague or
>> over-specific.
>>
>> Chapters three and four introduce the worksheets themselves. Sixteen
>> topic areas have four sheets each, dealing with the technical,
>> lifecycle, business, and "selling to management" aspects of the
>> themes, while other domains may have only a single sheet. The
>> questions listed may be helpful as reminders to address certain
>> aspects which are often overlooked, but the odd and arbitrary
>> structure is confusing, and the real work is definitely left as an
>> exercise to the reader.
>>
>> A description and analysis of PKI (Public Key Infrastructure), in
>> chapter five, is vague and weak, and contains much unrelated material.
>> Chapter six is a recap of the book, along with a simple list of
>> threats.
>>
>> While the advice in the book is not wrong or misleading, and many
>> important and useful points are buried throughout, poor organization,
>> a lack of consistent depth, and gaps in topical coverage ensure that
>> the text would only poorly repay the investment of time spent studying
>> it. Certainly it should not be used as a major guide to structure the
>> security planning process.
>>
>> copyright Robert M. Slade, 2003 BKMSCRSP.RVW 20030330
>>
>> --
>> ======================
>> rslade@sprint.ca rslade@vcn.bc.ca slade@victoria.tc.ca p1@canada.com
>> "If you do buy a computer, don't turn it on." - Richards' 2nd Law
>> ============= for back issues:
>> [Base URL] site http://victoria.tc.ca/techrev/
>> or mirror http://sun.soci.niu.edu/~rslade/
>> CISSP refs: [Base URL]mnbksccd.htm
>> Security Dict.: [Base URL]secgloss.htm
>> Security Educ.: [Base URL]comseced.htm
>> Book reviews: [Base URL]mnbk.htm
>> [Base URL]review.htm
>> Partial/recent: http://groups.yahoo.com/group/techbooks/
>> Security Educ.: http://groups.yahoo.com/group/comseced/
>> Review mailing list: send mail to techbooks-subscribe@egroups.com


