Security 101 dictates the importance of an effective set of information security policies and procedures. The granddaddy of such books is Information Security Policies Made Easy by Charles Cresson Wood, which contains over 1000 well-written security policies.
The importance of best practices for information security is easily understood in the post September 11 era, combined with the fact that more and more companies are connecting their corporate networks to untrusted public networks without the appropriate level of security and protection.
With such a need, Information Security Best Practices: 205 Basic Rules sounded like it could fill such a void. Unfortunately, the book suffers from a number of flaws. First, its organization is not logical. The book starts chapter 1 with the topic of e-mail spam, while a fundamental topic such as network architecture is not dealt with until chapter 5.
The book contains numerous errors. While some are small, many others were rather significant. Innocuously, the author called the ICSA the NCSA, even though its name was changed over 4 years ago. Incorrectly, the book states that an uninterruptible power supply (UPS) will eliminate power surges along power lines. A UPS will provide protection from power surges, but can't eliminate them. Finally, the book states as a best practice to use halon for fire control, yet halon production was banned under the Clean Air Act of 1994.
The author has significant Department of Defense experience, which explains why the book would suggest security controls such as C2 and TEMPEST shielding. First off, C2, from the Orange Book, has been retired and replaced by the Common Criteria. Secondly, TEMPEST shielding is far too expensive for most companies, combined with the fact that there are few individuals who are competent in TEMPEST technology in the private sector, since the specifics of TEMPEST are still classified.
Those looking for a good reference would be better served by reading Information Security Policies Made Easy or its less expensive cohort Writing Information Security Policies by Scott Barman (New Riders, 2001, ISBN: 157870264X).