BKACCDEN.RVW 20020604 "Access Denied", Cathy Cronkhite/Jack McCullough, 2002, 0-07-213368-6, U$24.99 %A Cathy Cronkhite %A Jack McCullough %C 300 Water Street, Whitby, Ontario L1N 9B6 %D 2001 %G 0-07-213368-6 %I McGraw-Hill Ryerson/Osborne %O U$24.99 905-430-5000 800-565-5758 fax: 905-430-5020 %P 283 p. %T "Access Denied: The Complete Guide to Protecting Your Business Online" The introduction states that business leaders often lack the background to deal with technical security issues, and that the book seeks to fill the technical gap. Ordinarily I am wary of such claims, particularly in such slim volumes, but, after a poor start, this one works surprisingly well. Chapter one concentrates on "hackers." There is sensationalism, and there are errors, such as confusing Clifford Stoll's "wily hacker" with members of the Chaos Computer Club, but the text does at least divide security breakers into various camps, rather than lumping them all together. The discussion of viruses and malware, in chapter two, is the all-too-common unreliable mix of errors (the "Cokegift" prank is stated to be a virus) and reasonable material. A random collection of email dangers and netiquette makes up chapter three. Another miscellaneous list of Internet attacks and some misinformation (a discussion of "poisoned" cookies) is given in chapter four, but no means of protection. After this, however, the book improves. The review of encryption, in chapter five, is a clear presentation for the non-specialist. Chapter six is a reasonable guide to backup. Network security loopholes, and means of protecting them, are in chapter seven. Physical security is covered in chapter eight. Chapter nine looks at remote, wireless, and cellular security. Intrusion detection and documentation (suitable for presentation to law enforcement) is in chapter ten. The material on risk analysis, in chapter eleven, is slightly facile, but is a good accompaniment to policy development. The subtitle slightly overstates the case in terms of completeness, but this work certainly is worthy of review by any manager without a technical background, who nevertheless needs to make decisions about security. copyright Robert M. Slade, 2002 BKACCDEN.RVW 20020604