REVIEW: "Information Security and Ethics", Marian Quigley

BKINSCET.RVW   20080207

"Information Security and Ethics", Marian Quigley, 2005,
1-59140-233-6, U$64.95
%E   Marian Quigley
%C   Suite 200 701 E. Chocolate Ave., Hershey, PA   17033-1117
%D   2005
%G   1-59140-233-6
%I   IRM Press/Idea Group/IGI Global
%O   U$64.95 800-345-432 717-533-8845 cust@[EMAIL PROTECTED]
  http://www.amazon.com/exec/obidos/ASIN/1591402336/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1591402336/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1591402336/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   317 p.
%T   "Information Security and Ethics: Social and Organizational
      Issues"

Given the title, one might have hoped for more integration of the
topics of security and ethics.  In fact, the book is strictly divided
into two different sections: one for ethics, and one for security.

Part one pur****ts to be about ethics.  Chapter one describes the Web
in social terms, but has limited relevance for ethics.  The initial
material in chapter two, on the digital divide between those who have
and use Internet access and those who don't, is interesting, but the
paper turns out to be simply a proposal for a study to determine
whether there is a digital divide, and what form it takes.  Chapter
three re****ts on a study that says the digital divide exists.  The
economic and labour market advantages of making Web pages accessible
to those with disabilities are promoted in chapter four.  Some aspects
of a theoretical background to the ethics of such accessibility are
examined in chapter five (which is the first time we've really had
much to do with ethics at all).  Dropping ethics again, chapter six
briefly notes some problems with Internet voting.  A general
discussion of children and online ****ography, detailing Australian
media classifications, makes up chapter seven.  Chapter eight tells us
that young people use mobile (or cellular) phones a lot with their
friends and communities.

Part two turns to security.  Chapter nine suggests that we have
learned something about information security from the Y2K problem and
the 9/11 attacks, but it doesn't really say why or what (aside from
the fact that we need security).  Some vague ideas about cryptography
are in chapter ten.  You can *****s your security controls, chapter
eleven tells us, by determining whether they perform the security you
intended them to achieve.  (This, apparently, is known as a
"strategy.")  Chapter twelve tells us that the security literature
says we should have security policies.  We should have security
metrics, says chapter thirteen, and to prove it, cites security
frameworks which don't.  Chapter fourteen promotes digital rights
management.

The book, as a whole, has no theme or thread to it.  In addition, the
individual papers have very little to contribute to the security
literature.  I cannot think of an audience that would benefit from
this work.

copyright Robert M. Slade, 2008   BKINSCET.RVW   20080207

-- 
====================== 
rslade@[EMAIL PROTECTED]
      slade@[EMAIL PROTECTED]
     rslade@[EMAIL PROTECTED]
"Dictionary of Information Security," Syngress               1597491152
http://www.syngress.com/catalog/?pid=4150
Dictionary of Info Sec       www.amazon.com/exec/obidos/ASIN/1597491152
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs:     [Base URL]mnbksccd.htm
Book reviews:   [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@[EMAIL PROTECTED]
                       or techbooks-subscribe@[EMAIL PROTECTED]