Who are the cybercriminals and what can we do to stop them? From the #1 cybercrime expert, a revolutionary new approach to . Fighting Computer Crime A top computer crime expert explains why current computer security methods fall dangerously short of the mark and what we can do to fix them. Based on his 30 years as a cybercrime fighter, during which he interviewed more than 200 perpetrators and their victims, Donn B. Parker provides valuable technical insight about the means cybercriminals employ, as well as penetrating psychological insights into their criminal behavior and motivations. Using many riveting real-life crime stories to illustrate his points, he reveals:
* Who your greatest security threats really are (be prepared for some surprises!)
* Why employees undergoing divorce can be your organization's greatest computer security risk
* How to overcome cyberterrorists who will employ any high-tech or low-tech means necessary to crash your systems.
* Effective countermeasures for each threat covered in the book
* How to neutralize even the most powerful cybercrime scheme attempts
* Why and how the incorrect, incomplete, inarticulate security folk art must be revitalized

Average Customer Review: ( 11 customer reviews )
Write an online review and share your thoughts with other customers.

Obsoleting the common three elements of security, confidentiality, integrity, and availability, the fundamentals of his new framework of information security are availability, utility, integrity, authenticity, confidentiality, and possession.

He debunks a number of the tenets of computer security claiming early on that there are "no valid statistics on computer crime," stressing that information security "can never be a science," and warning that "starting with vulnerabilities is starting in the middle." He's quite harsh in his indictment of numeric and financial threat analysis, claiming that "adopting baseline controls is a simpler, less expensive, and more effective way to select security safeguards than risk assessment." Parker has a very business-oriented and pragmatic approach to security, and tries to suggest ways that security can help meet business goals instead of conflicting with them.

I purchased the book on a recommendation that I would find his comprehensive threats/assets/vulnerabilities model of security useful. Within the offenders sub-category, for instance, he breaks down the characteristics of a computer criminal by skills, knowledge, resource availability, authority, motivation, intent, and extremism. This represents a much more sophisticated analysis of information attackers than the typical hacker-criminal-spy spectrum that I usually describe. He's only lukewarm towards the value of technical penetration testing and characterizes social engineering demonstrations as misguided and harmful.

I hadn't realized it when purchasing Fighting Computer Crime, but my introduction to the concepts of computer security was through a copy of Parker's first book that I read in 1980. As a consultant at SRI, he's been fighting computer crime since the early 1960s. Although he is very oriented towards criminal justice, which may be a turn-off to some, his approach to security is holistic and multi-disciplinary. After hundreds of meetings with computer criminals, he's developed a detailed understanding of how they behave, what they do and how to protect information from them.

This is the most mind-expanding book on computer security that I've ever read. While I don't agree with Parker 100%, there isn't a lot that I could find fault with. I find his arguments very compelling and I strongly recommend this book for all computer security practitioners and those with responsibility for information systems.

7 of 8 found the following review helpful:

A qualified endorsementApr 25, 2000
By D. Kall Loper
I have selected Parker's book as a primary text in a computer crime class. I do not agree with all of Parker's assertions, but I don't recall any being baseless. That is a rare quality in a computer security book. His approach to computer security is not simply rehashed from the previous texts in this area.

This book is not for everyone. It is an excellent point of departure for discussions of crime policy and security theory. It provides enought technical detail to make the concepts clear. It is not a security cookbook.

5 of 6 found the following review helpful:

A must read computer crime prevention guide by the master!!!Apr 07, 1999

I have purchased and read dozens of computer security and computer crime related books over the past ten years. None of them even remotely compare to this one written by the master himself. I've seen and heard Donn Parker at a number of security conferences throughout the country.

Every time that I attend one of his speaking sessions, I learn something new and valuable for protecting my company. The back cover of the book refers to him as "the #1 cybercrime expert", and after hearing him for years, and now reading his book, I agree! This book will help save your company. Not only does it present a `real world' look at the problems, it provides possible solutions for every one of them.

Donn's writing style is excellent as well. While reading certain parts of the book, it felt like he was right there explaining things in a way that only he can. The book is jammed full of checklists, suggestions, war stories and warnings about things that most of us are doing wrong. It is truly "A New Framework for Protecting Information". I highly recommend it!

5 of 6 found the following review helpful:

Fighting Computer Crime by Donn B. ParkerJun 14, 2001
By Steve Armstrong
I found Donn Parkers superb book to be an excellent reference during my MSc (IT Security) . His analysis of how CIA is an old concept is worth the cost of the book alone. I have read the book several times and regularly call upon his concepts and methodologies, many of which are already in management non technical speak.

If you buy this book, do it because you either currently operate or you want to move your thinking to a higher level - If you are fighting computer crime at the systems or network level, this is probably the wrong book for you, as it is not technically orientated.

If however you are engaged in deriving policy, explaining new concepts in IT security to management or network/secure system design then you should count this book as a must have.

5 of 6 found the following review helpful:

Does indeed present a new frameworkFeb 21, 2001
By Ben Rothke "Author of 'Computer Security: 20 Things Every Employee Should Know'"
Parker's `Fighting Computer Crime' is one of those books that has an extremely important message, but unfortunately did not sell well nor get adequate publicity and exposure. That is a real shame and is indicative of corporate America's apathy towards information systems security. The fact that this book is ranked 59,827 in Amazon sales is indeed good for security companies.

Donn Parker takes his experience and viewpoints about information systems security and organizes it into a readable work.

Parker takes information security and rewrites it to his weltanschauung. While most references list the `Big 3' tenets of security as: Confidentiality, Integrity, Availability; Parker breaks this info new domains of: Availability, Authenticity, Confidentiality, Integrity, Utility and Possession.

The book indeed does present a new framework for protecting information. Despite the fact that more and more is being spent on information systems security, things are getting more and more complex, and complex systems are much harder to protect.

See all 11 customer reviews on Amazon.com