Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Computer security risk management
Palmer I., Potter G., Van Nostrand Reinhold Co., New York, NY, 1989. Type: Book (9780442302900)
Date Reviewed: Apr 1 1991

Countless annoyances mar this somewhat useful, well-organized handbook for neophyte security managers. Its treatment of an important subject contains much that may help those who need a comprehensive, but shallow, view of computer security. Chapters address databases, programming practices, “Micro Computers,” ledger systems, communications and networks, cryptology, viruses, passwords, personnel security, documentation, contingency planning, insurance, risk management, and life cycle security.

Readers should avoid being misled by the authors’ most egregious imprecisions and outright inaccuracies. The statement that “the Trojan Horse method is the most common method of computer program based frauds and sabotage” (p. 15) is true only with a very strict and rare interpretation of “program-based.” “Password security can be further enhanced by the use of a typical password [like] MFK/Z6!T” (p.111) only if users have superhuman tolerance for impossible-to-remember secrets. The book’s alarmist tone, typified by unsupported “propositions” that allege growth in fraud proportional to growth in computer usage, could lead a naïve reader to gross overemphasis on security measures.

Such major problems overshadow the book’s more pedestrian flaws, such as the fact that all page numbers in its index are ten too low. SRI International, the National Institute of Standards and Technology, and Bob Courtney are misnamed in the text, while “virus,” “hacker,” “public key cryptography” (which is equated to “RSA”), and the “Bell-Lapadula model” are among the many terms that are misused. The last is one of about a dozen terms that appear in the book’s glossary but nowhere else. Undefinable terms such as “mini seconds” (p. 15) and “intrinsic software” (p. 17) also litter the text.

The total absence of references to other works is quite consistent with the book’s careless treatment of objective topics. American readers may be bothered by its use of British spelling, punctuation, and vocabulary throughout and by the unapologetic use of masculine pronouns for all human antecedents of unspecified gender. Altogether, this book is hardly the best, but still not the worst, of its type.

Reviewer:  S. A. Kurzban Review #: CR114902
Bookmark and Share
 
Security and Protection (K.6.5 )
 
 
Information Systems Education (K.3.2 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
CIRCAL and the representation of communication, concurrency, and time
Milne G. ACM Transactions on Programming Languages and Systems 7(2): 270-298, 1985. Type: Article
Oct 1 1985
Computers at risk
, National Academy Press, Washington, DC, 1991. Type: Book (9780309043885)
Oct 1 1991
Computer security basics
Russell D., G. T. S., O’Reilly & Associates, Inc., Sebastopol, CA, 1991. Type: Book (9780937175712)
Jul 1 1992
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 2004 Reviews.com™
Terms of Use
| Privacy Policy