BKMAPSEC.RVW 20050805 "Mapping Security", Tom Patterson, 2005, 0-321-30452-7, U$34.99/C$49.99 %A Tom Patterson www.tpatterson.net Online@MappingSecurity.com %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8 %D 2005 %G 0-321-30452-7 %I Addison-Wesley Publishing Co. %O U$34.99/C$49.99 800-822-6339 Fax: 617-944-7273 bkexpress@aw.com %O http://www.amazon.com/exec/obidos/ASIN/0321304527/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321304527/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0321304527/robsladesin03-20 %O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation) %P 405 p. %T "Mapping Security" A sort of preface seems to indicate that this book lists countries and assigns them a security score. Chapter one repeats this same material. Part one gives general security advice. Chapter two reiterates the point that business is increasingly global in nature, and that information technology has enabled activities that can create problems for business. We shouldn't waste time with risk assessment, says chapter three. What we should do sounds an awful lot like risk assessment. (We are also told that "things are different elsewhere," as in, other countries.) Chapter four seems to start out by promoting traditional cost/benefit analysis (with regard to "return on security investment"), but quickly diverts into a list of security technologies that the author considers to be worth it (presumably regardless of your business or situation). The idea that certain security technologies can enhance business and profits is promoted in chapter five, which also lists some examples to support the concept. Chapter six appears to advocate developing an ongoing awareness or facility for determining the existence of security threats and attacks. This idea is extended, in chapter seven, and there is also a reminder that threats, and protections, change rapidly. Part two is the list of security indices by country and region. Chapter eight reiterates the notion that things are different elsewhere, and also finally (somewhat tersely) delineates the Mapping Security Index (MSI). Europe is covered in chapter nine, first in general and then by country. Countries are not given equal space, and the assignment does not seem to be on any particular basis. Much less space is devoted to the Middle East and Africa, in chapter ten. (Africa's forty-some countries are represented by South Africa, which is hardly representative. I'd rather hoped to check out Nigeria, but it isn't there.) Likewise missing are several nations from the Americas (Central America is one entity), in chapter eleven, possibly due to the space dedicated to explaining the United States (presumably to those from the United States). Chapter twelve discusses the Asia Pacific region. (Interestingly, although China gets a significant amount of space, no mention is made of the unique nature of some blackhat groups in China, the "red guests.") A conventional essay on outsourcing is presented in chapter thirteen. Part three collects some other, related, topics. Chapter fourteen is a brief introduction to this section. Laws are different elsewhere, we are informed in chapter fifteen. Distinctive uses are made of technology, in other countries, although chapter sixteen could have used more, and more effective, examples to point that out. The chapters in the book are difficult to follow, in terms of a central theme or thread. The text seems to jump from topic to topic, possibly under some commonality apparent to the author, but not explained to the reader. I'm not really clear on the audience for whom this book was supposed to be written, nor anyone to whom I could recommend it. copyright Robert M. Slade, 2005 BKMAPSEC.RVW 20050805