It may sound like blatant sucking up, but it must be said: Most eWeek print subscribers are simply light years ahead of the "security? Huh? Whats that?" technology sophistication reflected in "Safety Net."
Just scanning the illustrations should warn off most (serious, experienced) IT people. Take Figure 7.1, in Chapter 7, titled Reducing Denial of Service Attacks, for example. The illustration is labeled "Normal Internet Connection." It displays a series of client PCs and servers with arrows between them. In the first row, the client says, "Hello, Server." The second row: The server says, "Hello, Client."
This scintillating dialogue is all a setup for Figure 7.2, in which a DOS attack has the servers arrow skewed, alas! "Where are you?" laments the server, with no reply, as it responds to a fraudulent IP address. "Ill wait," the server mopes.
Its strangely kindergarten-level, to say the least. Not that useful technical information is nowhere to be found within the book. But its buried beneath chapters that detail--in excruciatingly long-winded, business-ese, stun-you-into-a-coma-meeting-talk prose—subjects such as why one would want to perform risk analysis and how does one perform risk analysis and what should one do with the little pieces of paper that make up a risk analysis (OK, I made the last one up, but you get the idea.) Technically sophisticated readers will give up before hitting anything usable.
The best use of this book is as a primer, to be given, perhaps, to colleagues who need an overview of the security landscape. Public relations workers, for example, could benefit from Chapter 9: "Handling Public Relations After a Cyber-Attack." And execs who want to sound knowledgeable about security could probably benefit from the authors summary of some important (although dated) facts about the state of information security: i.e., computer crime cost U.S. companies around $10 billion in 2001; companies averaged a loss of $256,000 to security breaches in 2000; a 2001 CSI/FBI survey indicated that 69 percent of responding organizations experienced computer breaches in 2000.
Granted, such material can be found easily within the parameters of a Google search. But its nice to have it in book form, and it certainly comes in handy for speech-sprinkling. But for those people who are actually securing the enterprise, never mind reading this book. Heck, the security landscapes changed since you started reading this book review.
Better you get back to the software patching.
IT Careers Managing Editor Lisa Vaas can be reached at firstname.lastname@example.org.
- Title: Safety Net: Protecting Your Business on the Internet
- Author: Kathleen Sindell
- Publisher: John Wiley & Sons Inc. (www.books.mcgraw-hill.com)
- Length: 330 pages
- Price: $29.95