I am reading the ‘CISSP Guide to Security Essentials, 2nd Edition’ written by Peter H. Gregory, published by Cengage Learning. This is a very informative book that gives a wide range of knowledge in information security, but there are some .
I will note down here any errors that I identify for people’s future reference.
IEEE 802.11 a/b/g/n (Chapter 10)
IEEE 802.11 a/b/g/n is a family of wireless network standards.
The book prints this standard family as "IEEE 802.1 a/b/g/n" on all its appearances, including page 417, page 414, page 388 in Chapter 10 (Telecommunications and network security).
Vulnerability to frequency analysis (Chapter 5)
On page 179, second graph of the "Transposition" section, the book states: "This makes a transposition cipher - as well as a substitution cipher - vulnerable to frequency analysis."
On page 179, at the end of the "Monoalphabetic" section, the book states: "Like a transposition cipher, a monoalphabetic cipher is subject to a frequency analysis attack."
These two statements look incorrect to me.
The characters in a ciphertext produced by transposition are as they are, so frequency analysis won't really get any extra information; therefore I believe transposition is NOT subject to a frequency analysis attack.
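For reference, an added Python example (not from the book or from this post) that compares single-letter counts of a constructed plaintext under a columnar transposition and under a monoalphabetic substitution. The sample text, both keys and all function names are assumptions made for the illustration.

```python
from collections import Counter
import string

# Constructed sample plaintext (35 letters, a multiple of the 5-letter key).
PLAINTEXT = "meetmeatthestationatninethisevening"
KEY = "zebra"                                   # constructed transposition key
CIPHER_ALPHABET = "qwertyuiopasdfghjklzxcvbnm"  # constructed substitution key


def columnar_transpose(plaintext, key):
    """Write the text in rows under the key, read columns in key-sorted order."""
    cols = len(key)
    padded = plaintext + "x" * (-len(plaintext) % cols)  # pad the last row
    order = sorted(range(cols), key=lambda i: (key[i], i))
    return "".join(padded[i::cols] for i in order)


def monoalphabetic(plaintext, cipher_alphabet):
    """Replace each letter a..z with the letter at the same index in the key."""
    table = str.maketrans(string.ascii_lowercase, cipher_alphabet)
    return plaintext.translate(table)


def letter_counts(text):
    """Count of each letter in the text."""
    return Counter(c for c in text if c.isalpha())


def count_shape(text):
    """Sorted counts only, ignoring which letter each count belongs to."""
    return sorted(letter_counts(text).values(), reverse=True)


def compare(plaintext=PLAINTEXT):
    """Return both ciphertexts and whether their letter counts match the plaintext."""
    transposed = columnar_transpose(plaintext, KEY)
    substituted = monoalphabetic(plaintext, CIPHER_ALPHABET)
    base = letter_counts(plaintext)
    return {
        "transposed": transposed,
        "substituted": substituted,
        "transposition_same_counts": letter_counts(transposed) == base,
        "substitution_same_counts": letter_counts(substituted) == base,
        "substitution_same_shape": count_shape(substituted) == count_shape(plaintext),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Transposition leaves every letter's count unchanged, while substitution keeps the shape of the distribution but moves each count to a different letter.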
Countermeasures to reduce ALE (Chapter 1)
At the beginning of page 7, the book discusses a range of countermeasures to reduce ALE.
The third measure, "Changes in single loss expectancy", should instead be Annualized rate of occurrence (ARO) to make sense with the context.
"Changes in single loss expectancy" is equivalent to the second countermeasure listed here, changing the EF, as long as the Asset Value stays the same.
Single Point of Failure (Chapter 1)
At the bottom of page 11 - Single Point of Failure, the discussion on Figure 1-2 states: "The firewall is a single point whose failure will cause the failure of the entire system's objectives." Based on the figure and the context, the single point of failure should instead be the Gateway (GW).
Information Labeling (Chapter 1)
In the first paragraph of the Information Labeling section on page 19, it states: "When others are aware of the classification level of a particular set of data, they are more apt to be aware of the classification level and handle the data properly."
This sentence contains redundancy and does not make a lot of sense.
Based on the context, it might want to say: "When others are aware of the classification level of a particular set of data, they are more apt to be aware of the sensitivity level and handle the data properly"