Computing Reviews
Computer security: a comprehensive controls checklist
Wood C., Banks W., Guarro S., Garcia A., Hampel V., Sartorio H., Wiley-Interscience, New York, NY, 1987. Type: Book (9789780471847953)
Date Reviewed: Feb 1 1988

Computer security is a checklist that originated in a project for the United States Air Force Logistics Command. Its stated purpose is to be of value to “users who need to acquire familiarity with, and then keep abreast of, the rapidly changing computer security field.” The authors state that the checklist is suitable for first-time users, system security analysts, and pragmatic managers.

After an 18-page discussion of how to use the checklist (which includes a complicated formula for arriving at numerical weights), the rest of the book is devoted to a reproduction of the checklist itself. This is divided into sections on security (personnel, systems development, training, organization, physical access, input/output, processing, database software, telecommunications) and survivability. Legal protection is discussed, although this topic is not included in the checklist. Finally, a selected bibliography is presented. The bibliography contains a good list of journals and periodicals; however, the latest references are from 1986, and those are skimpy. Unfortunately, a list of security-related organizations and special interest groups is not included as a separate item.

The checklist approach is a mechanical scheme to assure correctness in many fields. The danger to this approach is that the neophyte will be tempted to use checklists in place of expert counsel. A checklist might be useful to experts as a reminder of all the aspects to be covered in their work, but again, the checklist provider must cover every possible area. Perhaps this is the side of government contract work people can be confident in, since every possible aspect is usually included in this work. However, would it be wise to trust a security program to whatever happens to be in such a checklist? And I fail to see how a checklist will help anyone keep abreast of a rapidly changing field.

In short, this material is not new, significant, or unusual in content or presentation. If such a checklist is worth the price of the book to you, get it. However, if you are looking for a text or introduction to the field of computer security, this book is not the answer.

Reviewer: David Bellin
Review #: CR111866
Security, Integrity, And Protection (H.2.0 ... )
 
 
Security (K.6.m ... )
 