Rating: Summary: Well Worth The Price! Review: This book is probably too radical to be useful as study material for the CISSP, which tends to be mired in a traditional security practice concept that Parker characterizes as 'alchemy.' Obsoleting the common three elements of security, confidentiality, integrity, and availability, the fundamentals of his new framework of information security are availability, utility, integrity, authenticity, confidentiality, and possession. He debunks a number of the tenets of computer security claiming early on that there are "no valid statistics on computer crime," stressing that information security "can never be a science," and warning that "starting with vulnerabilities is starting in the middle." He's quite harsh in his indictment of numeric and financial threat analysis, claiming that "adopting baseline controls is a simpler, less expensive, and more effective way to select security safeguards than risk assessment." Parker has a very business-oriented and pragmatic approach to security, and tries to suggest ways that security can help meet business goals instead of conflicting with them. I purchased the book on a recommendation that I would find his comprehensive threats/assets/vulnerabilities model of security useful. Within the offenders sub-category, for instance, he breaks down the characteristics of a computer criminal by skills, knowledge, resource availability, authority, motivation, intent, and extremism. This represents a much more sophisticated analysis of information attackers than the typical hacker-criminal-spy spectrum that I usually describe. He's only lukewarm towards the value of technical penetration testing and characterizes social engineering demonstrations as misguided and harmful. I hadn't realized it when purchasing Fighting Computer Crime, but my introduction to the concepts of computer security was through a copy of Parker's first book that I read in 1980. As a consultant at SRI, he's been fighting computer crime since the early 1960s. Although he is very oriented towards criminal justice, which may be a turn-off to some, his approach to security is holistic and multi-disciplinary. After hundreds of meetings with computer criminals, he's developed a detailed understanding of how they behave, what they do and how to protect information from them. This is the most mind-expanding book on computer security that I've ever read. While I don't agree with Parker 100%, there isn't a lot that I could find fault with. I find his arguments very compelling and I strongly recommend this book for all computer security practitioners and those with responsibility for information systems.
Rating: Summary: GREAT BOOK! Review: This is a great book. Donn Parker is one of the patriarchs of information security. He is reasonable and pragmatic. No hype, just great information.
Rating: Summary: Well Worth The Price! Review: Well written and put together. I'm a fan of Wiley books and this one was no letdown. I think the author did a commendable job of dealing with a very complicated issue.