BKINSCET.RVW 20080207

"Information Security and Ethics", Marian Quigley, 2005, 1-59140-233-6, U$64.95
%E Marian Quigley
%C Suite 200 701 E. Chocolate Ave., Hershey, PA 17033-1117
%D 2005
%G 1-59140-233-6
%I IRM Press/Idea Group/IGI Global
%O U$64.95 800-345-432 717-533-8845 cust@idea-group.com
%O http://www.amazon.com/exec/obidos/ASIN/1591402336/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1591402336/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1591402336/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 317 p.
%T "Information Security and Ethics: Social and Organizational Issues"

Given the title, one might have hoped for more integration of the topics of security and ethics. In fact, the book is strictly divided into two different sections: one for ethics, and one for security.

Part one purports to be about ethics. Chapter one describes the Web in social terms, but has limited relevance for ethics. The initial material in chapter two, on the digital divide between those who have and use Internet access and those who don't, is interesting, but the paper turns out to be simply a proposal for a study to determine whether there is a digital divide, and what form it takes. Chapter three reports on a study that says the digital divide exists. The economic and labour market advantages of making Web pages accessible to those with disabilities are promoted in chapter four. Some aspects of a theoretical background to the ethics of such accessibility are examined in chapter five (which is the first time we've really had much to do with ethics at all). Dropping ethics again, chapter six briefly notes some problems with Internet voting. A general discussion of children and online pornography, detailing Australian media classifications, makes up chapter seven. Chapter eight tells us that young people use mobile (or cellular) phones a lot with their friends and communities.

Part two turns to security. Chapter nine suggests that we have learned something about information security from the Y2K problem and the 9/11 attacks, but it doesn't really say why or what (aside from the fact that we need security). Some vague ideas about cryptography are in chapter ten. You can assess your security controls, chapter eleven tells us, by determining whether they perform the security you intended them to achieve. (This, apparently, is known as a "strategy.") Chapter twelve tells us that the security literature says we should have security policies. We should have security metrics, says chapter thirteen, and to prove it, cites security frameworks which don't. Chapter fourteen promotes digital rights management.

The book, as a whole, has no theme or thread to it. In addition, the individual papers have very little to contribute to the security literature. I cannot think of an audience that would benefit from this work.

copyright Robert M. Slade, 2008 BKINSCET.RVW 20080207