Friday, May 25, 2012




Information Warfare and Security

Product Description
What individuals, corporations, and governments need to know about information-related attacks and defenses! Every day, we hear reports of hackers who have penetrated computer networks, vandalized Web pages, and accessed sensitive information. We hear how they have tampered with medical records, disrupted emergency 911 systems, and siphoned money from bank accounts. Could information terrorists, using nothing more than a personal computer, cause planes to c…


Comments

Gulf War, fraud, national security, spam, traitors, and computer viruses. These are just a few of the topics covered by Dorothy Denning’s book Information_Warfare_and_Security. This book gives a broad and informative view of information security; however, it lacks specifics to make it more than an introductory work to this field.

The book has a broad overview of subjects. The Introduction section encompasses around 75 pages and gives substantial theory to the how and why of information security. Part II discusses “Offensive Information Warfare” which brings the reader through techniques on obtaining information. “Defensive Information Warfare” in Part III naturally discusses how to repel the offenses discussed in Part II.

Information_Warfare_and_Security is very informative on the problem areas which it discusses. Computers and phones are obvious places for intrusion and the book covers the facets of these areas in depth. The less obvious methodologies are also mentioned such as eavesdropping, traffic analysis, and sabotage. Denning does not leave out the human factor in her sections on social engineering, traitors, and even dumpster diving.

Denning’s book, however, lacks specific in-depth information. Any chapter subject could have a large book written on it. The book does not give the “how-to’s” to create or block an attack; rather it merely discusses the possibilities. To Denning’s credit, however, she does include a substantial bibliography and endnotes so the reader can find further information in the source material.

Information_Warfare_and_Security would serve the purpose of an excellent introductory overview to the information security field. It is broad and informative, but lacks the specific information to execute any of the offenses or defenses. Denning’s book is useful to heighten awareness of information security issues, but it is not sufficient to provide an education in this field.
Rating: 4 / 5

Dorothy Denning’s book covers almost every aspect of a topic that is of increasing importance. It is written in an ENJOYABLE STYLE and is full of examples, stories and quotations that WELL ILLUSTRATE the points she wants to make. It is an EXCELLENT OVERVIEW of the topic, and for those who are interested in the details, an extensive list of references is included at the end.

Whether you are responsible for information security at your enterprise or you are a citizen concerned about your data’s privacy, you WILL NOT REGRET if you read this book.

However, it could be improved in several areas:

Even in an overview like this, more should be said about the controls that can help you protect your data (such as separation of duties, security audits etc.). The numbering of references is restarted in every chapter and so they are hard to find at the end of the book. Most importantly, it should show much less political and cultural bias. A book that is basically about information-related threats and defenses is NOT supposed to be used to protect Attorney General Janet Reno in connection with the Waco case (see Chapter 5) or vent the author’s dislike of the Arab countries. For example, if Arab governments control information such as pornography, it is called “censorship”; the same thing done by the US government is referred to as “restrictions” – also in Chapter 5. (Don’t get me wrong: it is NO accident that I lived in the US for years and never ever wished to live in an Arab country, so I am myself biased toward American culture. Even so, I often found Denning too openly manipulative.)
Rating: 4 / 5

I am very reluctant to give much credit for this book to its author. This is primarily because nearly a third of the book is dedicated to bibliography. That, in my opinion, is not really writing; it is compilation.

I was also disappointed at the caliber of anecdotes. I found them to be either totally irrelevant, or totally trite.

I will give credit, however, for the organization and ‘soup-to-nuts’ primer approach. The chapter organization and flow are superb and I am certain this makes a decent text for non-technical graduate students trying to grasp the concepts of information warfare. The chapter on encryption technology is especially well explained.

Unfortunately, the jacket and editorial reviews (and some of the Amazon reviews) would lead you to believe that this book is a MUST for all information security professionals. It isn’t. It is probably, however, a good book for people who have to effectively communicate with information security professionals. Anyone with even a moderate background in information security will not be impressed.
Rating: 3 / 5

Dorothy Denning has produced one of the best ‘easy read’ reference books I have seen in years. The writing is one of the most striking aspects of this book; right from the introduction the reader is taken on a logical and structured route through the key aspects of Information Security, with numerous references to real life cases. You don’t need a note pad, as the language is clear and concepts explained in simple English. This is an excellent book to read on the train/plane: it is interesting, job related, informative but not dull or too intellectually challenging.

That said, the strength of argument and excellent references are worth the cost of the book alone! I have personally used excerpts from this book to very good effect when making a point to higher management. Of the 50+ IT, Security and InfoSec books I have in my collection, this is the one I never lend out.
Rating: 5 / 5

The book provides a good overview of information warfare. It is divided into three sections, the introduction, offensive information warfare and finally defensive information warfare. Numerous topics are covered. The author is clearly an expert in security and manages to touch upon all the major information security topics.

The main strength of the book is the breadth of topic selection. By the time you have reached the end of the book, you will have at least a passing acquaintance with all important information security topics. The book is very well referenced and is written in an easy to read style.

The enormous topic selection means that no topic is treated in any particular depth. This means that you’ll get to know something about everything, but unfortunately you won’t develop an intimate understanding of any of the topics covered.

At times I received the impression that the book was simply a collection of anecdotes. Some parts of the book resembled sensationalistic journalism and, four years after it was written, many parts of the book are out of date. I would recommend this book to anyone looking for a broad overview of information security. Its scatter gun approach means that you’ll hit all of the topics but won’t develop a true understanding of the underlying mechanisms involved.
Rating: 3 / 5
