Emerald Group Publishing Limited
Copyright © 2000, MCB UP Limited
The President of Canaudit Inc., with his 17 years hands‐on experience, has produced a comprehensive treatment on how to protect an organisation’s interconnected networks. The book maintains the miraculous qualities of clarity and technical profundity, which are rarely found together. Apart from the plethora of auditing programmes contained on the accompanying disk, and which are easily customised, detailed blow by blow accounts are provided about how hackers manage to penetrate a network, and the protective steps that may be taken. It is like attending an anatomy class at which for the first time it is possible to see all laid bare, and appreciate the innards of computer network.
The other compelling feature of this book is that it is written in the context of the Committee of Sponsoring Organizations (COSO) report, and is complete with risk/control summaries and audit and control checklists. It is emphasised that firewalls are not the beginning and end of the story, and that although the most important security device, attention should also be devoted to routers, bridges, and gateways, which auditors tend to neglect. Smith warns us that “Operating system controls in the UNIX, NT and Novell environments in many corporations are so poor that they practically invite hackers to enter the network”. This text may be regarded as the one to take us into the millennium, and should be seen as superseding the more superficial, even if readable texts, such as Chambers and Court.
The core contents show how insightful this text is:
Networks – early systems, impact of interconnected systems on business, interconnected audit time schedules, telecommunications glossary.
Carrier issues – critical process analysis, cost containment, network contracts.
Communications alternatives – wire line and broadcast‐type circuits, laser and shared communications, integrated services digital networks.
Network operations and management – business continuance, disaster preparedness, maintenance, problem reporting and resolution.
Cataloguing the network – the wide area network, servers and LANS, the Internet and other public networks.
The reader is guaranteed to emerge from the book much wiser, and with the kernel of skills required by the demands of contemporary networks. Do not read any other book on the subject until you have completed this one