Computing Reviews

Computer security: a comprehensive controls checklist
Wood C., Banks W., Guarro S., Garcia A., Hampel V., Sartorio H., Wiley-Interscience, New York, NY, 1987. Type: Book
Date Reviewed: 02/01/88

Computer security is a checklist that originated in a project for the United States Air Force Logistics Command. Its stated purpose is to be of value to “users who need to acquire familiarity with, and then keep abreast of, the rapidly changing computer security field.” The authors state that the checklist is suitable for first-time users, system security analysts, and pragmatic managers.

After an 18-page discussion of how to use the checklist (which includes a complicated formula for arriving at numerical weights), the rest of the book is devoted to a reproduction of the checklist itself. This is divided into sections on security (personnel, systems development, training, organization, physical access, input/output, processing, database software, telecommunications) and survivability. Legal protection is discussed, although this topic is not included in the checklist. Finally, a selected bibliography is presented. The bibliography contains a good list of journals and periodicals; however, the latest references are from 1986, and those are skimpy. Unfortunately, a list of security-related organizations and special interest groups is not included as a separate item.

The checklist approach is a mechanical scheme to assure correctness in many fields. The danger of this approach is that the neophyte will be tempted to use checklists in place of expert counsel. A checklist might be useful to experts as a reminder of all the aspects to be covered in their work, but again, the checklist provider must cover every possible area. Perhaps this is the side of government contract work people can be confident in, since every possible aspect is usually included in this work. However, would it be wise to trust a security program to whatever happens to be in such a checklist? And I fail to see how a checklist will help anyone keep abreast of a rapidly changing field.

In short, this material is not new, significant, or unusual in content or presentation. If such a checklist is worth the price of the book to you, get it. However, if you are looking for a text or introduction to the field of computer security, this book is not the answer.

Reviewer: David Bellin
Review #: CR111866

Reproduction in whole or in part without permission is prohibited.   Copyright 2024 ComputingReviews.com™