BKIISMRS.RVW 20020825 "Internet and Intranet Security Management", Lech Janczewski, 2000, 1-878-28971-3, U$69.95 %E Lech Janczewski %C 1331 E. Chocolate Ave., Hershey, PA 17033-1117 %D 2000 %G 1-878-28971-3 %I IRM Press/Idea Group %O U$69.95 800-345-432 fax: 717-533-8661 cust@idea-group.com %O http://www.amazon.com/exec/obidos/ASIN/1878289713/robsladesinterne %P 302 p. %T "Internet and Intranet Security Management: Risks and Solutions" There is a heavy emphasis, in the preface, on the book's being up to date. Yet the very first article relies on survey data that was three years old at the time the essay was written. Part one supposedly talks about the state of the (security, one assumes) art. Chapter one is a vague and superficial look at random topics and technology related to security, plus results of the aforementioned opinion poll. A list of Internet security problems, and solutions that are not connected to the difficulties, make up chapter two. Part two deals with managing Internet security. Chapter three has terse descriptions of a number of theories of trust, related to some generic security concepts. There are brief overviews of the TCSEC (Trusted Computer System Evaluation Criteria), Common Criteria, and not-really-the-BS7799 in chapter four. Out of thirty three pages in chapter five, three discuss the general subject of Web security, while there is almost nothing on the titular topic of management of Web security. Part three reviews cryptographic and technical security standards. (There are a great many grammatical errors, and the authors use almost-but-not-quite standard terminology.) Chapter six is an opinionated piece, but does touch on some basic cryptographic ideas. Myths and limitations of cryptography are listed in chapter seven. Chapter eight has descriptions, that are both overly technical and incomplete, of ISO cryptographic standards. Part four talks about law and security. Chapter nine discusses privacy, but only in regard to employer monitoring of employee email. The weaknesses of the New Zealand privacy law are commented on in chapter ten. It is difficult to say that any audience would benefit from this vague collection of unfocused ideas. copyright Robert M. Slade, 2002 BKIISMRS.RVW 20020825