REVIEW: "Information Security and Ethics", Marian Quigley

Rob Slade, doting grandpa of Ryan and Trevor
05-09-08, 12:53 PM

"Information Security and Ethics", Marian Quigley, 2005,
1-59140-233-6, U$64.95
%E Marian Quigley
%C Suite 200 701 E. Chocolate Ave., Hershey, PA 17033-1117
%D 2005
%G 1-59140-233-6
%I IRM Press/Idea Group/IGI Global
%O U$64.95 800-345-432 717-533-8845 cust@idea-group.com
%O http://www.amazon.com/exec/obidos/ASIN/1591402336/robsladesinterne
%O http://www.amazon.ca/exec/obidos/ASIN/1591402336/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 317 p.
%T "Information Security and Ethics: Social and Organizational

Given the title, one might have hoped for more integration of the
topics of security and ethics. In fact, the book is strictly divided
into two different sections: one for ethics, and one for security.

Part one purports to be about ethics. Chapter one describes the Web
in social terms, but has limited relevance for ethics. The initial
material in chapter two, on the digital divide between those who have
and use Internet access and those who don't, is interesting, but the
paper turns out to be simply a proposal for a study to determine
whether there is a digital divide, and what form it takes. Chapter
three reports on a study that says the digital divide exists. The
economic and labour market advantages of making Web pages accessible
to those with disabilities are promoted in chapter four. Some aspects
of a theoretical background to the ethics of such accessibility are
examined in chapter five (which is the first time we've really had
much to do with ethics at all). Dropping ethics again, chapter six
briefly notes some problems with Internet voting. A general
discussion of children and online pornography, detailing Australian
media classifications, makes up chapter seven. Chapter eight tells us
that young people use mobile (or cellular) phones a lot with their
friends and communities.

Part two turns to security. Chapter nine suggests that we have
learned something about information security from the Y2K problem and
the 9/11 attacks, but it doesn't really say why or what (aside from
the fact that we need security). Some vague ideas about cryptography
are in chapter ten. You can assess your security controls, chapter
eleven tells us, by determining whether they perform the security you
intended them to achieve. (This, apparently, is known as a
"strategy.") Chapter twelve tells us that the security literature
says we should have security policies. We should have security
metrics, says chapter thirteen, and to prove it, cites security
frameworks which don't. Chapter fourteen promotes digital rights

The book, as a whole, has no theme or thread to it. In addition, the
individual papers have very little to contribute to the security
literature. I cannot think of an audience that would benefit from
this work.

copyright Robert M. Slade, 2008 BKINSCET.RVW 20080207

rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"Dictionary of Information Security," Syngress 1597491152
Dictionary of Info Sec www.amazon.com/exec/obidos/ASIN/1597491152
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-subscribe@egroups.com
or techbooks-subscribe@topica.com