Customer Reviews

Computer Security Handbook

5 star:		(10)
4 star:		(0)
3 star:		(2)
2 star:		(0)
1 star:		(0)

 

 

This book is the Bible of information security. I stumbled into the 3rd edition (published in 1995) years ago and found it quite helpful, but dated by the time I acquired it. I was simply stunned and enthralled when I discovered a 4th edition had been published. I ordered it immediately, and waited impatiently to arrive... (2 day air)... I received it today, and I can't put it down. It has completely exceeded my expectations, which were considerable given I was very much impressed with the 3rd. This book belongs in any security professionals library. If you haven't got it, you are missing the definitive compendium of security information. Once you have mastered this text, other books do an excellent job of drilling further into the details, but few can exceed the sheer scope and thoroughness of this tome. For those worried about acquiring obsolete texts, this edition is completely current and up to date! Very impressive. Highly recommmended.

This is an amazing book stuffed with details of every facet of Information Technology Security. If you can't find the security guidance you want here, it doesn't exist. The material is neatly organizated into eight parts with a detailed index to make it easy to find answers. I found that by turning the pages and looking at the figures, I discovered all kinds of topics I hadn't previously thought about. Full disclosure requires me to announce that I wrote Chapter 47, and collaborated on Chapter 1, but this hasn't skewed my view of all the other chapters as outstanding work by all the other authors.

I am offering an IT Security undergraduate course for the first time this Fall in a Business School environment. I reviewed many books on IT security before I selected this title for my course. The vast majority of Security books are nuts-and-bolts oriented, great for Engineers and Computer Scientists but lacking depth for the IT manager.

This book is a welcome relief since it contains such a wealth of information valuable to anyone working as an IT practitioner. It has several strenghts that other IS security books do not have: The current edition has been revised since the events of September 11th and thoughtfully reflects the change of the collective mindset of the IT world. Secondly, each Chapter is written by an expert in their respective fields. Thirdly, there is is a collection of references and links at the end of each Chapter which I found to be particularly valuable.

My course covers about half the topics in this book. The chapters on: Information Warfare, Denial of Service Attacks, Protecting Internet Visible Systems, Public Key Infrastructure and Computer Audit stand out in my mind as outstanding.

I intend to use this book again next Fall when this course is offered once more.

This book is an anthology of carefully selected papers by experts in their respective knowledge areas. The organization of the papers is consistent with the basic principle of security - layered security in depth, and covers management responsibility, basic safeguards, and physical and technical protection, and special issues.

What makes this book such a valuable reference is the care with which the editors chose topics. Each topic area is a critical success factor to implementing and managing an effective security posture, and I especially like the inclusion of papers on "Policies, Standards and Procedures" and "Legal Issues in Computer Security" in the section devoted to Management Responsibility. The paper on risk management in this section is also excellent.

The section on basic safeguards actually goes beyond the domain of IS security by addressing disaster recovery (this discipline is independent of IS security, but is closely related), and cross functional topics, such as auditing and application controls. These topics are the core of IS security and I was pleased to see them included in the form of exceptionally well written, in-depth papers.

Other highlights, in my opinion, are "Security of Computer Data, Records, and Forms" (an often overlooked, but critical element of IS security), and "Outside Services". Both of these papers show the width and depth of the topics covered in this excellent book. If you are an IS security manager this book is an essential desk reference, and it is also useful to anyone managing production support and service delivery functions, or tasked with vendor management. In my opinion this is one of the best IS security references available and I highly recommend it.

I recently used this book as the text for my Information Security course. The feedback from students has been outstanding. "Very current", "easy to follow", "liked the compilation of thoughts from multiple viewpoints", ect., are just some examples of the feedback.

The book methodically unfolds atop a solid foundation, building on threats and vulnerabilties, and, culminating in prevention, detection, remediation and management's role. It not only had good coverage but also is very current (9/11).

I highly recommend this book to both the novice and security professional. The sections by Mr. Bosworth are particularly enlightening (ie. Information Warfare).

This is a text book, with very helpful information for my Information Assurance Course. I bought it from Amazon for a reasonable price. Received as promised; on time for my first day of school.

This book is a must have for anyone working in the Information Assurance/Computer Security field. "Big Blue" was written by experienced professionals who are considered experts in their field. The book contains sections pertaining to every conceivable aspect of Infomation Assurance. I am currently using this book in my Masters program at Norwich University, and will continue to use it as a reference for many years to come. Mich Kabay and Sy Bosworth are to be commended for consolidating all of this information into one superb book. Great job!!

I always wanted to invite as many experts to speak to my students to demonstrate the applied side of IA and to complement and make sense of the overwhelming theory we bring to class. This book contained just the best paper selection any graduate IA course needs to efficiently convey real-world experience to students. The book presented vigorously the security concepts needed and covered management responsibility, basic safeguards, and physical and technical security solutions. The book also covered security policy and planning an area that is often overlooked in the IA literature. My students and I really enjoyed this book.
This book is comprehensive and complete. It is also efficiently organized into sections and well indexed and hence simple to search and read. This book is certainly a valuable reference that instructors and students have to have as a textbook. This book is also an excellent and essential desk reference any IS security administrator or IT manager needs.

Previous reviews here do not exaggerate the excellence and value of this book. It is totally up-to-date (2/2002), incredibly complete and entirely readable. This is an excellent resource, regardless of your level of expertise. It contains the A to Z for mainframe, PC and network threats, vulnerabilities, prevention, detection, remediation, and encryption, among other thought-provoking topics.

You may be able to find this book for less elsewhere, (I did) but if you can't, don't let that deter you from purchasing this volume. It is an absolute must for any security practioner.

I was expected much more of this book. It is very general. It is meant for general public not for computer professionals. There is lots of repeating. 1200 pages of text with just a few pictures. Very boring. It is meant more for lawyers and philosophers than for other population. I don't recommend for system or network administrators.