ComputingReviews.com

Computer security risk management
Palmer I., Potter G., Van Nostrand Reinhold Co.,New York, NY,1989.Type:Book

Date Reviewed: 04/01/91

Countless annoyances mar this somewhat useful, well-organized handbook for neophyte security managers. Its treatment of an important subject contains much that may help those who need a comprehensive, but shallow, view of computer security. Chapters address databases, programming practices, “Micro Computers,” ledger systems, communications and networks, cryptology, viruses, passwords, personnel security, documentation, contingency planning, insurance, risk management, and life cycle security.

Readers should avoid being misled by the authors’ most egregious imprecisions and outright inaccuracies. The statement that “the Trojan Horse method is the most common method of computer program based frauds and sabotage” (p. 15) is true only with a very strict and rare interpretation of “program-based.” “Password security can be further enhanced by the use of a typical password [like] MFK/Z6!T” (p.111) only if users have superhuman tolerance for impossible-to-remember secrets. The book’s alarmist tone, typified by unsupported “propositions” that allege growth in fraud proportional to growth in computer usage, could lead a naïve reader to gross overemphasis on security measures.

Such major problems overshadow the book’s more pedestrian flaws, such as the fact that all page numbers in its index are ten too low. SRI International, the National Institute of Standards and Technology, and Bob Courtney are misnamed in the text, while “virus,” “hacker,” “public key cryptography” (which is equated to “RSA”), and the “Bell-Lapadula model” are among the many terms that are misused. The last is one of about a dozen terms that appear in the book’s glossary but nowhere else. Undefinable terms such as “mini seconds” (p. 15) and “intrinsic software” (p. 17) also litter the text.

The total absence of references to other works is quite consistent with the book’s careless treatment of objective topics. American readers may be bothered by its use of British spelling, punctuation, and vocabulary throughout and by the unapologetic use of masculine pronouns for all human antecedents of unspecified gender. Altogether, this book is hardly the best, but still not the worst, of its type.

Reviewer: S. A. Kurzban

Review #: CR114902

Reproduction in whole or in part without permission is prohibited. Copyright 2024 ComputingReviews.com™
Terms of Use | Privacy Policy