Rating:  Summary: An obstacle to understanding Review: I currently am taking a course in computer security, for which this book is required reading. To be kind, I will say that, rather than being a resource that augments and highlights the material that the instructor presents in his lectures, this book is an obstacle to understanding computer security. A quick examination of sample sentences from chapters 8 and 9 shows why. p. 112: "Access should allow anyone who is authorized, anywhere, information can be safely distributed, at any time." This is either an incomplete sentence or a run-on sentence. p. 114: "Notes in user manuals may include useful, even passwords." This is apparently an incomplete sentence. p. 116: "Security policies are enforced uniformly throughout a security domain. It interacts with other security domains at access points." Because the verb "are enforced" has no subject, we are left to assume that the referent of the pronoun "it" in the second sentence is "security domain." p. 116: "A domain of trust is part of a security domain that supports a common trust model..." Does the clause beginning with "that" modify "security domain", as indicated by the position of the clause in the sentence? Or should it modify "part", which should then probably be "the part"? Who knows for certain? p. 117: "Switches only transmit a packet to the particular device for which it is addressed." This is only one of many sentences in which the author misplaces the delimiter "only". It should probably be placed before "to the particular device". By the way, shouldn't a packet be addressed "to" a device, rather than "for" a device? p. 122: "Any specific user should have only one identifier, even if the user performs multiple roles in the organization. This simplifies the association of individual identity for both the user and for the information system. It simplifies management and issuance of identifiers and reduces confusion in tracking the user and controlling which resources he or she uses. There must be a one-to-one relationship between the individual and the identifier. This allows for individual accountability and ensures..." To which referents in the above passage does the indicative pronoun "this" in sentences two and five point? To which referent does the pronoun "it" in sentence three point? p. 123: "The use of holograms, which are difficult and expensive to reproduce, are widely used." This sentence, in its simplest subject-predicate form, reads: "The use are used." Add to this the penchant of this writer, as is true with many writers in the field of information systems, to expand an abbreviation only the first time it is used and then to use the abbreviation forever after as if it were a word. This practice forces the student who is new to the field of information to pause every time he encounters the unfamiliar abbreviation to recall what it means. Many of the errors in grammar and syntax that I have pointed out are relatively minor and can be overcome with a little reflection. The cumulative effect of so many errors, however, is a text that is an obstacle to understanding. We all know that much software in use today is full of bugs. When we examine how writers in the field of information systems use the language that they have been studying since birth, however, we understand why so much software is flawed. It seems that many writers on topics related to computers consider close to be good enough. It just seems odd to me, though, in the age of software designed specifically to check for grammatical errors.
Rating:  Summary: A comprehensive look at computer security Review: Information Security is a must have for anyone involved with computer security. I realized that I've been securing computer systems by focusing on the 3-As (authentication, authorization and audit). This book describes 10 attributes of information security that have to be addressed. It has opened my eyes to areas of security that I had overlooked.
Rating:  Summary: Excellent information security overview Review: Information Security: Protecting the Global Enterprise is a very good guide to those looking for a management-level introduction into the core concepts of information security. Pipkin writes in an easy-to-understand style without a lot of arcane acronyms or techno speak. The book has a good step-by-step approach and is a very good starting point for those looking to design their information systems security architecture. The book is a great place to start one's security roadmap and initiative and as a launching point for more in-depth work.
Rating:  Summary: An excellent strategic guide Review: Pipkin's book is a nice guide to strategic information security. Don't expect buffer overflows, connection hijacking, or any other topics covered at Defcon -- this one's for planning and implementing corporate-wide security. It could be used as a step-by-step walk through for an IT or security manager on his/her foray into managing large-scale security. Heck, that's what I'm doing, and I'm following this book cover to cover. What are this book's strengths? Well, I particularly like the step-by-step approach. It carves the mammoth task into smaller, more manageable chunks. It lets me see where I'm going, and it helps me to decide how deeply I want to delve into each subject. Someone could easily spend months or longer on the first chapter about assessing value. Seeing the whole process gives me some perspective on where I need to spend the most time, and what kind of resources I'm going to need to plan and implement this security plan. What do I wish was different? Well, the outlines are a bit sparse sometimes. The book is really good at giving structure to this whole process, but it doesn't give too many details on how to go about accomplishing each and every task. I hesitate to call this a failing, however, because it's just -too- complex. I think the book is about as specific as it could be, given its high-level strategic approach. I'm using this book as my roadmap, and searching out much more in-depth information as it becomes necessary. In short, this book is a very welcome addition to my bookshelf. I'd recommend it to anyone responsible for information security.
Rating:  Summary: Not Practical or Theoretical, but Management Review: This book is not practical, neither is it theoretical. It is geared towards management and tries to give an overview of what is needed to ensure information security. It does this by being extremely descriptive and utilising a one-step-at-a-time methodology, while in some cases brushing over some details and in others going off-tangent by giving explanations of certain things that should be obvious to information security professionals. Regardless, I really liked the book! Recommended reading.
Rating:  Summary: Good Book for organizing your Security work Review: This book will help you to generate a work plan for your security consulting. Very important tips, but it is just a beginning.
Rating:  Summary: Manage information at enterprise level Review: This is a very good book for IT people to expand their security scope into enterprise level. Some other books take more of an auditor's view; this one provides structures and practices just enough for IT people. Unless your organization needs a BS7799 certification, this is the book you need to read through.