IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Information Security Book Reviews


Beyond Fear, Bruce Schneier, 2003

It is instructive to view this book in light of another recent publication. Marcus Ranum, in "The Myth of Homeland Security" (cf. BKMYHLSC.RVW) complains that the DHS (Department of Homeland Security) is making mistakes, but provides only tentative and unlikely solutions. Schneier shows how security should work, and does work, presenting basic concepts in lay terms with crystal clarity. Schneier does not tell you how to prepare a security system as such, but does illustrate what goes on in the decision-making process.

Read More ...

Operational Risk: Regulation, Analysis, and Management, Carol Alexander, 2003

In 1999, the Basel Committee on Banking Supervision (BCBS), spurred by recent bank collapses, started working toward an Accord in regard to risk management. The eventual Accord, also known as Basel II, was not wholly defined, but established three points or "Pillars": that banks establish a capital reserve somewhat commensurate with their total risk, that risk management plans be subject to a supervisory review, and that such plans be disclosed. Operational risk was defined as" the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events."

Read More ...

Secrets of Computer Espionage, Joel McNamara, 2003

I suppose one might be able to make a case that this book is about computer espionage, but the contents are hardly secret. The fact that the introduction is decidedly vague about the audience--anyone concerned that someone might want to spy on their data--would lead one to suspect that this is another attempt to jump on a hot bandwagon, without necessarily doing a lot of research first. And, in this case, one would be right.

Read More ...

Inside the Security Mind, Kevin Day, 2003

I am quite sympathetic to the idea that the realization of a security mindset or attitude (I frequently refer to it as professional paranoia) is more important to attaining security than isolated technical skills. I'm sorry to say that this work is not likely to help you find, attain, or assess that protection perspective.

Read More ...