Saturday, April 20, 2013

Principles of Information Security 4 edition, Michael E. Whitman



The book had some good information, but it was really long in how to write all of these documents and policies if the building was in a flood or earthquake. Worms got a paragraph, and policy on how to create a disaster recovery got a chapter. I think given all of the information on Cybersecurity, that they would start to treat it like Cisco certification. Start with the basics: worm, virus, etc. Then the information as people need it. If I don't know how to stop a virus or scanner, do I really need to worry about a disaster recovery plan?

This is definitely a book geared towards management, not the technical types. The book covers a lot of topics so don't expect much in-depth detail here. As a textbook that is a general overview of information assurance and security, I think the authors do a decent job here. Yes, there are a lot of acronyms and at times the material can read like a dictionary (and hopefully you can ignore the numerous typos, spelling, and grammatical errors), but I enjoyed the scenarios that opened up each chapter and thought areas covering management planning and decision making were good.

I would like to have seen the authors expand on the opening scenarios a little bit more, one or two pages just doesn't cut it, and I really missed not reading a few actual case studies. Real-life examples of information security issues companies face and the final resolutions allow managers to relate what they are learning to their own situations, and open up many possibilities for discussion in the classroom.

Overall, this is an average introductory textbook on information security, with room to grow into a much better book. Okay for a classroom text, but one I'd avoid for casual reading.

The authors of this book either have the personality of a crescent wrench or the perseverance of GOD. I don't know if it's possible to make the subject of information security entertaining or interesting, but after reading a few chapters of this book, I think probably not. Corporate drones. Infinite bureaucracies. Documentation. Guidelines. Charts and graphs. If any of this sounds even remotely interesting please harm yourself immediately. Really, it's ok. Your friends won't care, probably because you don't have any, but still. One last thought: If hell has a library, this will be the only book in it.

This book is a very large, topical dictionary. This book would be an okay reference guide, if that is what it was marketed for. However, it is not.

This book has the power to make a potentially very interesting subject boring as tears. Do not buy it, and if you are using it as a textbook (I had to), beg your teacher to reconsider. No good book has this proportion of bad reviews on Amazon.

This book covers a more general aspect of information security. Not only the threats from attacks, but from other circumstances such as natural disasters etc. It is a good overall overview of what it takes to implement an information security system and where it should originate from (upper management). It is not too technical, so it should be a light reading even for those who are not technical.

This is used as a textbook for my class. I read through it briefly as I'm already familiar with a lot of information security concepts. The book seems too general to be of much use. A lot of the things presented in the book are really fundamentals. If that's what you're looking for then the book is okay. If you're looking for more in-depth information, look elsewhere.

Let me start by saying that I was required to purchase this book for school. I came to Amazon to purchase it and I read all of the negative reviews beforehand, so I already had the bar set pretty low. Nothing could have prepared me for just how bad this book really is.

This book is nothing but page after page after page of definitions of security terms. It might as well be an unorganized dictionary. It does not actually teach you how to do anything. There is zero practical, real-world application, just a bunch of theory. The book just lists IT security terms, followed by either a vague explanation or an overly lengthy one. It's almost as if it were written for someone who is going to hire IT security personnel, so that the hiring manager can learn what buzz-words he needs to throw at the candidate in an interview. But if you want to actually learn how to do IT security yourself, then read a different book because you won't learn how from this one.

This book is for someone who is a first year business major (maybe). I've got to agree with the bad reviews, this book is horrible. These authors spend a lot of time playing with acronyms, making the contents obtuse at best. In the first 150 pages there are more than 30 acronyms with as many as 200+ possible meanings, talk about meaningless drivel. If they really knew what they were communicating I would assume they would try and attempt to use the English language instead of some obscure verbal gymnastics. Overall I find it hard to believe that this book is geared toward any type of IT professional. This book is poorly thought out and of little value to someone pursuing a career in Networking (admin, tech, etc...). A frustrating waste of time.

I am in a Management Information Systems program at college but have a Network+. So I have more "tech" experience than your typical "manager", please keep that in mind when reading my review. This review is not in-depth or complete. Leave comments if you have any questions.

In my opinion this book is HORRIBLE. It was published in 2012 (according to the text in the book) but does not cover any recent technologies or applications, such as Virtualization, RootKits or even (extremely) simple things like HTTPS (See Below).

A large part of this book is on the managerial aspect of Information Systems. I can give credit to the authors for those sections... even though a lot of them are extremely redundant. Half of the book seems to be extra fluff that was written in a manner to make the author seem extremely knowledgeable on things that are "common body of knowledge". Spending half a page to explain why an "Incident Response" plan should be created to respond in the case of an incident ^--Common Sense Much^?

So I mentioned HTTPS earlier. The reason why I point this out is that HTTPS is nowhere in the book. The authors INSTEAD spend about a page talking about SHTTP. NO ONE USES SHTTP. It was published in 1999. And made invalid by HTTPS which was PUBLISHED IN 2000. 12 years ago..... Like seriously. I understand technology is constantly updating... but 12 damn years? I learned this stuff in High School, like 5 years ago. There is text on the bottom of the cover that says "Preparing Tomorrow's Information Security Professionals." This is a lie. There is practically no discussion of any recent software, and much of the software examples that are provided are extremely outdated. I learn more on Google in a day than all the hours I spent reading this book this semester.

Another quirk: In the glossary there is a definition for "firewalls" as being "Walls that limit the spread of damage should a fire break out in an office." This is really self-explanatory...

I have a feeling this book is geared towards people with ZERO technology experience. If you're going to be a manager, and want to go to college then get a managerial degree. If you're a manager, then 9 times out of 10, you're going to hire a CTO. If you're going into MIS, then 9 times out of 10, you're going to have a more technical background than your "average" manager. So it would be nice if this book was a tad more technical.

The only reason why I bought the book was because it was required for class.

This is the worst text book I have ever used in any subject. It's like a bottle of Tylenol PM bound with paper. I was hoping to really learn something and then go take the Security+ exam. After getting 6 chapters in I'm unsure if I want to ever have anything to do with network security, ever. It seems like the authors are nothing more than upper managers who decided to write a book about information security, because everywhere you turn in the book they are driving home the point that upper management knows EVERYTHING and the guys in the field have no clue and upper management is making ALL the important decisions. I'm waiting to turn a page and find a promo for Lean Six Sigma. I'd really like to hear from someone who used only this book and then attempted the Security+ exam because I'm thinking that after this semester is over I'm going to need to buy another book that I can bear to read.

Maybe I'm not the book's target audience, misunderstood the class I enrolled in, or went about it bass ackward, but this book is the pits! I studied my behind off (with books here at Amazon), took the security+ exam and passed. I then took what I thought was an intro to information security class at a local college to fill in the gaps of things I discovered while preparing for the security+ exam. I found this book to be very dry and in my opinion, places more weight on "champions in management", systems development life cycle and administrative issues over basics such as what is an IDS/IPS? why you'd rather use a switch than a hub or why you'd rather use AES than DES. Again maybe I'm comparing apples to oranges, but for what I thought I was going to learn, this text book missed the mark and I was very disappointed.

This book covers a lot of issues regarding security; it's a good book to start in the security field. But I don't know why I should buy an exercise book since they could make only one book and sell it a little cheaper?
Also there is no Kindle edition of this book.
The editor could make it better, so I put 3 stars for the missing points.

Product Details :
Paperback: 656 pages
Publisher: Course Technology; 4 edition (January 1, 2011)
Language: English
ISBN-10: 1111138214
ISBN-13: 978-1111138219
Product Dimensions: 7.3 x 1.1 x 9.1 inches
