Fighting Computer Crime

I found Donn Parkers superb book to be an excellent reference during my MSc (IT Security) . His analysis of how CIA is an old concept is worth the cost of the book alone. I have read the book several times and regularly call upon his concepts and methodologies, many of which are already in management non technical speak. If you buy this book, do it because you either currently operate or you want to move your thinking to a higher level - If you are fighting computer crime at the systems or network level, this is probably the wrong book for you, as it is not technically orientated.If however you are engaged in deriving policy, explaining new concepts in IT security to management or network/secure system design then you should count this book as a must have.

The title suggests that this book is about computer security. Nothing could be more wrong. This book is about strategic information security, whatever the form it takes. I rate this alongside such classics as Commander Smith's Commonsense Computer Security. If you're looking for a technical book or a book solely about computer security you will be disappointed. If you're trying to grapple with the larger concept information security, this book will give a solid ground for your future work and even some ideas on how to sell it to your management. It is packed with information, ideas, war stories, and commonsense advice, you can't loose by buying it.An absolute must read for any serious information security professional/manager.

I have selected Parker's book as a primary text in a computer crime class. I do not agree with all of Parker's assertions, but I don't recall any being baseless. That is a rare quality in a computer security book. His approach to computer security is not simply rehashed from the previous texts in this area.This book is not for everyone. It is an excellent point of departure for discussions of crime policy and security theory. It provides enought technical detail to make the concepts clear. It is not a security cookbook.

This book is probably too radical to be useful as study material for the CISSP, which tends to be mired in a traditional security practice concept that Parker characterizes as `alchemy.' Obsoleting the common three elements of security, confidentiality, integrity, and availability, the fundamentals of his new framework of information security are availability, utility, integrity, authenticity, confidentiality, and possession. He debunks a number of the tenets of computer security claiming early on that there are "no valid statistics on computer crime," stressing that information security "can never be a science," and warning that "starting with vulnerabilities is starting in the middle." He's quite harsh in his indictment of numeric and financial threat analysis, claiming that "adopting baseline controls is a simpler, less expensive, and more effective way to select security safeguards than risk assessment." Parker has a very business-oriented and pragmatic approach to security, and tries to suggest ways that security can help meet business goals instead of conflicting with them. I purchased the book on a recommendation that I would find his comprehensive threats/assets/vulnerabilities model of security useful. Within the offenders sub-category, for instance, he breaks down the characteristics of a computer criminal by skills, knowledge, resource availability, authority, motivation, intent, and extremism. This represents a much more sophisticated analysis of information attackers than the typical hacker-criminal-spy spectrum that I usually describe. He's only lukewarm towards the value of technical penetration testing and characterizes social engineering demonstrations as misguided and harmful.I hadn't realized it when purchasing Fighting Computer Crime, but my introduction to the concepts of computer security was through a copy of Parker's first book that I read in 1980. As a consultant at SRI, he's been fighting computer crime since the early 1960s. Although he is very oriented towards criminal justice, which may be a turn-off to some, his approach to security is holistic and multi-disciplinary. After hundreds of meetings with computer criminals, he's developed a detailed understanding of how they behave, what they do and how to protect information from them. This is the most mind-expanding book on computer security that I've ever read. While I don't agree with Parker 100%, there isn't a lot that I could find fault with. I find his arguments very compelling and I strongly recommend this book for all computer security practitioners and those with responsibility for information systems.

I have purchased and read dozens of computer security and computer crime related books over the past ten years. None of them even remotely compare to this one written by the master himself. I've seen and heard Donn Parker at a number of security conferences throughout the country. Every time that I attend one of his speaking sessions, I learn something new and valuable for protecting my company. The back cover of the book refers to him as "the #1 cybercrime expert", and after hearing him for years, and now reading his book, I agree! This book will help save your company. Not only does it present a `real world' look at the problems, it provides possible solutions for every one of them. Donn's writing style is excellent as well. While reading certain parts of the book, it felt like he was right there explaining things in a way that only he can. The book is jammed full of checklists, suggestions, war stories and warnings about things that most of us are doing wrong. It is truly "A New Framework for Protecting Information". I highly recommend it!