BKTNSOIS.RVW 20080511

"The New School of Information Security", Adam Shostack/Andrew Stewart, 2008, 978-0-321-50278-0, U$29.99/C$32.99
%A Adam Shostack
%A Andrew Stewart homepage.mac.com/andrew_j_stewart
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2008
%G 978-0-321-50278-0 0-321-50278-7
%I Addison-Wesley Publishing Co.
%O U$29.99/C$32.99 416-447-5101 fax: 416-443-0948 800-822-6339
%O http://www.amazon.com/exec/obidos/ASIN/0321502787/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321502787/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321502787/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 238 p.
%T "The New School of Information Security"

The preface is not very clear about the intent or audience for the book, stating that it is not about security technologies (it's rather specific about firewalls) as such, but about how technology interacts with the world.

Chapter one says that information security is failing, and that we need a "New School" of thought on the matter. The authors state, in chapter two, that everybody else is doing infosec incorrectly. (I have to admit that I strongly agree that "best practice" is a silly and useless phrase.) That what everyone else knows is also wrong, seems to be the thesis of chapter three. Chapter four notes that nobody wants to admit mistakes. (By this point I was willing to admit that reviewing this book was probably a mistake.) That security is not just a matter of technology is asserted in chapter five, and the point is valid, although reasonably well known. Chapter six says that everybody spends (security budgets) improperly. Everybody does planning wrong, too, we are told in chapter seven.

The authors finish up by telling us, in chapter eight, that we should do better. Thanks, guys. That was helpful.

copyright Robert M. Slade, 2008 BKTNSOIS.RVW 20080511