Book Review: Time Based Security

[The date of publication is not known.]

Time Based Security
Practical and Provable Methods to Protect Enterprise and Infrastructure, Networks and Nation
Winn Schwartau
0-672-31341-3, 174 pages, Interpact Press

What is TBS (Time Based Security)? TBS is defined by the author as “a non-technical examination of the very foundation of the technical realities of the networked society. It is designed for a wide audience with varying skill sets, backgrounds and business needs.” Unfortunately, the title’s use of “practical and provable methods to protect enterprise and infrastructure, networks and nation” implies (to me) that the book will cover practical and applicable solutions to the problems pointed out. Rather than presenting solutions, the author gives a high level diagnosis of the problem, as well as simple-to-use equations for determining how it affects your organization.

The first fourteen chapters (each chapter averages 4.5 pages) go into the description and foundation of TBS. Schwartau calls on well grounded and practical examples to convey the importance of utilizing a security plan that utilizes TBS. From the foundation, simple equations are designed to contrast the importance of Protection, Detection, and Reaction (the key elements of TBS).

The next few chapters go into various security concepts and how they apply to a TBS model. Starting with ‘Defense in Depth’ (Chapter 17), Schwartau applies practical examples to his TBS equations and shows how to factor in elements such as multi layered security. Unfortunately, these chapters (especially ‘SequentialTime-Based Security’ [Chapter 18]), are extremely short and lack the description needed to adequately convey their importance.

The remaining chapters cover a wider variety of topics and expand past the TBS model a bit more. Some of these topics are Reaction Channels, TBS Reaction Matrices & Empowerment, and Using TBS in Protection.

Overview: While TBS presents a great overview of the concepts and effects of Time based Security, it does not present a grounded practical method for implementing these ideas into a working network. Technical people reading this book will no doubt question the book’s claims of it being “your handbook for protecting intangible things of value that have no physical substance.” Management and non-technical people however, should definitely read this book. Schwartau cites easy to use examples and layman’s terms to explain the risks your network suffers.

Leave a Reply

%d bloggers like this: