PROGRAMMING BOOKS
Posted in Programming (Wednesday, July 9, 2008)
Written by Paul Greenberg. By McGraw-Hill Osborne Media.
The regular list price is $29.99.
Sells new for $8.98.
There are some available for $5.64.
5 comments about CRM at the Speed of Light, 3e.
- This book was truly one of the greatest educational books I've read. Whether it was intended for this or not, I don't know, but what a great business overview of what CRM is as a whole. Paul's ability to simplify and his great sense of humour make this book easy to read and easy to understand, and it was actually one of the most fun and informative books I've read in a while. If you're looking for a great understanding of CRM with a book that is hard to put down, this is the one. I can't wait for his second edition!
- This is the bible for defining what CRM is, and is not, as well as categorizing all the technology offerings and giving good advice as to how to choose the right technology. I also read "CRM For The Common Man" by Russ Lombardo and thought it was a great precursor to CRM at the Speed of Light. CRM For The Common Man describes how to plan your CRM strategy up front, while Greenberg's book takes you to the next steps involving the technology. A great pair.
- This is an excellent book for those interested in understanding the strategy behind CRM.
- Great resource! Filled with lots of statistics for the CRM industry and great insight into the challenges.
- This is a book that's not terribly insightful about CRM. It's a broad-brush overview of commercial applications in the space and some conventional wisdom. Found it to have many repetitious, pedantic pages. Wished that there were more discussion on business process and best practices.
Posted in Programming (Wednesday, July 9, 2008)
Written by Chris Leeds. By Microsoft Press.
The regular list price is $29.99.
Sells new for $18.07.
There are some available for $15.79.
5 comments about Microsoft Expression Web Step by Step (Microsoft).
- No complaints yet; still working through it; may change my post one way or the other when done.
- This is the 3rd Step-By-Step book I've purchased. The book has several mistakes where it instructs you to do something that doesn't work, i.e., 'click' when it should have said 'double-click'. Descriptions on where to position the cursor to perform certain tasks in a lesson are often vague, causing confusion and wasted time. It's almost as if the book had not been edited or had someone walk through the lessons. My experience with other Microsoft SBS books has been very good; so, this is very disappointing.
- Basically this is a book which would like to help previous MS FrontPage users to migrate to Expression Web. This book would guide you through some basics of the software. However, some of the illustrations are not clear enough. Not exactly a "Step by Step" book.
- This Step-by-step book is not step-by-step. There are no clearly defined terms, no attendant images, way too many assumptions and the author in general couldn't teach a sack to hold air. If you want to waste your money, buy this book. Otherwise, look elsewhere. It got one star just because I couldn't post this with no star.
- Microsoft Expression Web Step by Step (Microsoft)
I just received this book. I started doing the exercises immediately and so far I'm very pleased with what it has to offer.
Posted in Programming (Wednesday, July 9, 2008)
Written by Rebecca Treays. By Educational Development Corporation.
The regular list price is $8.99.
Sells new for $4.50.
There are some available for $1.64.
1 comment about My Town (Young Geography).
- I love these books and so do the children. It is colorful, fun, with fabulous illustrations for children to learn terms about their town and how a town can change. It's great for learning about maps also. A great educational book with lots of potential. If you are looking for more like them check on www.suesbooks.info. New and discounted also. If you order $35 you could qualify for customer specials and internet specials available.
Posted in Programming (Wednesday, July 9, 2008)
Written by Kyle Loudon. By O'Reilly Media, Inc.
The regular list price is $39.95.
Sells new for $16.96.
There are some available for $13.95.
5 comments about Mastering Algorithms with C (Mastering).
- To be fair and honest, I have not read this entire book and that is because I've read far better ones. If you are interested in this topic (and if you're a programmer or computer scientist, you should be), look to Robert Sedgewick's excellent "Algorithms in C" in two volumes, or "Mastering Algorithms" by Cormen, Leiserson, Rivest, and Stein. While the algorithms in Cormen et al.'s book are not in C, they are in a pseudo-language that is easy to convert to C. I'm really, really glad I looked this book over before flushing my (limited) money away.
- The book's contents are good, the algorithms presented are more or less well explained and the implementations themselves are not bad (but could be better).
Unfortunately this book has two major problems:
Sometimes you need an implementation of an algorithm for which you already know the inner workings; you just need quick code instead of reinventing the wheel yourself... the book will not always give you that; it will sometimes build an algorithm based on previous ones! Darn! I am supposed to go straight to the point I want and get the code without having to read a couple of previous sections.
Second, and worst of all, is the coding style this guy has. I don't know what the other reviewer that said the code is great programs in, but certainly not in C. The author of the book simply has the worst style ever... look at the comments, a one-line comment surrounded by a box!!! Give me a break!... where did he learn this? He should read a book about style, perhaps read Code Complete by Steve McConnell or something before attempting to write code. Anyway, this is just one of the many style flaws this book has.
If I could I would return it, after all, you can get mostly any implementation from the internet (I had to do that or would have wasted lots of time and... time is money).
If well written, the book would have been 1/2 its size and then it would have been good.
Why 3 stars? Well, in spite of the poor programming style and bad presentation of some algorithms, if you have time and patience, you get something out of the book. Just don't use the coding style he uses... if you try that at work you would be fired or at least laughed at.
- Compared to most algorithm/data structure books out there, this book is not as complete as those, but it's much easier to read, and the diagrams in this book are well drawn and much easier to follow. Why would I only give it 3 stars? One thing really ruined this book: obviously the publisher/editor/author tried to increase the total page number by putting ridiculously big comment blocks in the sample code (single-line comments take about 5 lines, all surrounded by '*' and spaces). This made the sample code difficult to read; imagine a 5-line function that has to be printed over 2 or 3 pages.
- The book is probably OK, but there are better, much better ones on the subject. I highly recommend looking at "The Algorithm Design Manual", just search Amazon and you'll find it.
- What I didn't know when I ordered this book was how structured the book is. It's easy to comprehend and doesn't contain too much unnecessary information. Furthermore, what I also managed to miss was the disc which was included, and this contains more in-depth code, which allows one to check a whole program instead of only a part.
It is definitely a good decision to start with buying this book if you're studying Algorithms with C, since this will truly help and support you on your way.
Posted in Programming (Wednesday, July 9, 2008)
Written by Marty Hall and Larry Brown. By Prentice Hall PTR.
The regular list price is $59.99.
Sells new for $19.65.
There are some available for $19.24.
5 comments about Core Servlets and Javaserver Pages: Core Technologies, Vol. 1 (2nd Edition).
- This book presents a great introduction into the world of server side programming. Hall is an excellent writer and is considered to be the go-to man for JSP and Servlet development. This book is valuable to anyone interested in J2EE development.
- Not a book for beginning programmers, however if you have minimal java experience and are proficient in other languages you will be able to figure it out.
This book is an excellent read but has little reference value because it has no index. It is very informative if you are looking for something that explains the ins and outs and whys of .jsp and servlets, but if you are looking for lessons and sample code, you will have better luck looking for it online. But then again, if you have experience, you can figure out the code yourself; it's not that difficult.
P.S. There is a wealth of hints and code at java.sun.com. That site coupled with this book was enough to get me on my way.
- I bought this book based on reviews of others, and found it to be a disappointment. The coverage is mediocre at best, and a lot of the techniques that the author uses are outdated -- probably just carried forward from earlier editions of this book.
The thing that bothers me most of all is that throughout this book, the author keeps referring the reader to Volume 2 for coverage of the more advanced topics. Unfortunately, Volume 2 has been delayed for over a year, and may not ever be released. Had I known Volume 2 wasn't coming out soon, I would have gone with a different author for learning servlets and JSP.
- If you're learning web servlet programming this is a great book. I've found it hard to put down. The examples are great and the explanations are too.
- This is an excellent book with lots of good examples. I'm new to servlets and jsp and I recommend it to anybody learning how to develop java web apps.
Posted in Programming (Wednesday, July 9, 2008)
Written by Richard M. Stallman and Roland H. Pesch and Stan Shebs. By Free Software Foundation.
Sells new for $30.00.
5 comments about Debugging with GDB: The GNU Source-Level Debugger.
- This is the best book in the market for gdb. It is full of details and examples, if you would take time to read it.
The INDEX at the end of the book is very well kept. There are many chapters for newbies and the illustrated examples are simple and easy to follow. There are also lots of deep and gory details if you need them.
- Let's see if Amazon.com allows the link. You have to respect the wishes of a man like Richard Stallman.
- I was looking for information on cross-platform debugging. This manual provides adequate information. A printed manual is sometimes helpful when you are so tired of looking at the overcrowded screen. Good reference! If you are trying to learn the mechanism of debugging, you have to find some other book.
- Even though this entire book is available online, I find it useful to own it. Starts with a simple example, which is my favorite way of getting started.
- Every serious programmer knows how invaluable the GNU debugger GDB is for his or her work. Although the content of this GDB manual is freely available, I find it very handy to have a hard copy. It is not surprising that the manual is well written, because it has been revised many times by many developers of the open source community.
Posted in Programming (Wednesday, July 9, 2008)
Written by Mizanur Rahman. By Packt Publishing.
The regular list price is $39.99.
Sells new for $31.99.
There are some available for $39.50.
5 comments about MediaWiki Administrators' Tutorial Guide: Install, manage, and customize your MediaWiki installation.
- When I started the wiki DharmaFlix.com, I had no experience in administering a wiki, just a hope and a prayer. For the vital information on wikis, which is in the details, I scoured the large amount of information available on the web, especially at the MediaWiki website: http://www.mediawiki.org/. This was certainly helpful and got the site started. But I really wanted a comprehensive Bible of Wikis that would allow me to grasp the full potential of this web development platform. I looked for a book to serve this need, and lo and behold, MediaWiki Administrators' Tutorial Guide had just been published. Well, I immediately bought it and read it cover to cover. It is very readable and I would think a current must-read for anyone desiring to found a wiki. DharmaFlix.com is flourishing very much because of this book and its author, Mizanur Rahman.
- I think this book sells purely because there is little in the way of alternatives. The documentation in the MediaWiki wiki itself is patchy, jumbled, and confusing to navigate. I wanted a more 'polished' reference book, and this is the only book on Amazon devoted solely to MediaWiki.
Content-wise it is _OK_. There is very little in here that isn't already available on-line, but at least it is presented in a more logical manner. The first half of the book is really aimed at contributors to MediaWiki, such as creating and editing a page, uploading and inserting images, and creating tables. True, Administrators will also need to know this, but it's probably safe to assume that anyone purchasing an "Administrator's Guide" already knows this. Certainly, it didn't teach me anything new. The second half gets more useful, covering administration of access rights, creation of skins, managing namespaces, and so on. That said, it does include huge swathes of code, which take up a fair bit of room - if you don't want to add the 'page rating' the author provides, then it's just a waste of space.
The book is also missing some key information. There's a section on thumbnailing images, but the book neglects to mention that the functionality to deliver this isn't included in MediaWiki and has to be installed separately. (At least in the version I installed, but as there's no information provided on the different versions of MediaWiki there's no way of knowing whether this is why...) It's also vague on some tasks, such as "Figure out how to run PHP scripts from the command line."
My biggest problem with the book is the quality of the writing. This is absolutely appalling. Maybe I'm a bit more sensitive to these things, being a Technical Writer by profession, but the number of spelling errors and grammatical mistakes is absolutely shocking. I found almost 100 errors just whilst I was casually reading it; I'm sure there would be many more if I looked more closely. Most of these would have been detected by using a spellchecker, and many of the rest would probably have been picked up by Word's grammar checker. For the most part this is just annoying and distracting, but some, such as repeatedly misspelling the HTML HREF tag as HERF, are just unforgivable. It hardly puts one's faith in the author: if they can't get this right, what's the chance of the sample code being correct and actually working? But what is really shocking is that the book lists five editors, two reviewers and a proofreader in the "Credits". None of these people deserve any credit whatsoever, as the quality of this book is below what I would expect from a 15-year-old.
In fact, I suspect that the book was actually written by a 15 year-old. The tone used, the examples (the wiki developed throughout the book is a wiki for ghost stories...), the logic of exposition, is all very 'youthful'. It's as though some teenager with an Internet connection and a bit of time on their hands had built themselves a wiki, and then someone had remarked to his parents "Wow, little Timmy knows so much about wikis I bet he could write a book on it!".
Given the lack of competition you may want to go out and buy this book anyway. Just don't expect a detailed technical reference, and be prepared to overlook the frequent grammar and spelling errors...
- I bought this book because I'd been looking in vain for information on customizing MediaWiki, having hit the proverbial brick wall trying to get beyond the basic configuration on my team's intranet wiki. I was a bit hesitant after reading earlier reviews mentioning that this book was poorly written, but bought it anyway being the *only* book available on MediaWiki.
Given my prior (although minimal) exposure to MediaWiki, I was able to skim through the first four chapters rather quickly. The second half of the book has promising chapter titles, and does contain several code snippets & hacks, but I continually found myself wondering how a professional title made it to press with such poorly written prose. I found the explanations of key concepts to be rather circular, never clearly communicating "the big picture".
Bottom line: If you're starting from scratch, this book should get you started & help as a reference if you need some hacks later on. Otherwise I'd skip it.
- I am new to wikis and this was an excellent resource for me. Yes, there are a few errors here and there, but I still consider it a very good reference. After this book you will be able to do more deep research on your own.
This book is based on version 1.9.0, which is clearly stated on page 20.
- I recommend the book "Wikipedia: The Missing Manual" for editors of your custom MediaWiki, but for administrators, this book, "MediaWiki Administrators' Tutorial Guide", is well worth the $40.00.
I like that this book covers so much, yet doesn't try to cover everything. I'm sure that you can find the rest of what you need for a complete reference by Googling and reading the mediawiki that supports mediawiki.
Posted in Programming (Wednesday, July 9, 2008)
Written by Raul Menendez and Doug Lowe. By Mike Murach & Associates.
The regular list price is $62.50.
Sells new for $45.00.
There are some available for $26.45.
5 comments about Murach's OS/390 and z/OS JCL.
- My job requires me to write scripts on Windows and Unix platforms. I have no problem writing Windows batch files or Unix shell scripts to copy or move files, change permissions, create and delete directories, write results to log files, etc.
Recently, I was asked to write a mainframe script. I was told to write this script in Rexx. When I looked into Rexx, it was just another scripting language. It was not hard to understand how it worked. However, unlike Windows batch files or Unix shell scripts, there was more to writing a Rexx program than just knowing the Rexx language - I needed JCL to run it!! I had seen JCL before. I knew each job started with a JOB card and that it executed PROCs and PGMs. I also knew that I did not know nearly enough about JCL to write JCL to do what I wanted it to do. That's when I went to Amazon and found this book.
Not only did this book confirm what little I did know and correct some misunderstandings I had, it went far more deeply into JCL to describe how to use many features that I did not know existed. One of the best features of this book is that it provides some background information on how mainframes work and the naming conventions used. This information is useful when JCL coding is introduced because the reader has a better idea of what the JCL is used for and what is happening with the various statements. JCL coding is not even introduced until Chapter 4!!
After the background information, this book then goes through the various aspects of JCL coding. The basics of what I needed to know to run my Rexx program were addressed as were many concepts that I can now put in my "bag of tricks" for future projects. I am sure most of our mainframe programmers do not know most of this material.
This book is not limited to JCL. It also describes how to compile Cobol programs, how to copy, move, sort, delete and print datasets using common mainframe utilities. It even has a chapter on Unix System Services. Prior to reading these chapters, I had no idea how to copy a dataset to a new dataset on the mainframe using a batch program. For me, this was a trivial issue on a Windows or Unix platform. I now know how to do it on the mainframe. This book clearly explains the process. It also provides coding examples for all concepts described throughout the book.
If you are new to computing, I don't think you want to start with the mainframe as the first platform you learn. However, if you have some computing background from working with Windows and Unix, then I highly recommend this book to get a solid foundation on how to run batch programs on the mainframe.
In the past, I had to ask a coworker to help me when I needed to work with JCL. I purchased this book so that I could code some JCL for myself to run my Rexx program. Now, not only does my Rexx program execute flawlessly, I also have a thorough understanding of how to write mainframe batch programs for future projects. Who knows, maybe my coworkers will start coming to me with their complex JCL coding problems!!
- This book is a tremendous reference resource for anyone who works in the IBM mainframe environment, especially for those who don't work with JCL on a daily basis or for those seldom-used tasks for which you may not have any "canned" JCL readily available. I strongly recommend this book as an invaluable JCL reference document.
- I must agree with the other reviews. This book is an invaluable resource that will save you time reading those boring, 1000-page IBM Redbooks. It gives a nice introduction to IBM mainframes and operating system concepts, as well as mastering JCL skills. After reading this book you will feel more confident going deeply into the IBM documentation and learning the extra skills needed for your area (databases, networking, programming, etc.).
- Good reference book; I have it by my desk and use it often.
I wish it had some info on FTP; maybe next release.
- This book is excellently written: clear, concise, and easy to understand. With examples on the page opposite the text, it is very easy to follow and comprehend. It can easily be read front to back or used as a reference; it not only clearly explains what, but how and why. I've worked with JCL and mainframes for over 20 years and would strongly recommend this book for beginners or experienced professionals. I keep a well-thumbed, heavily highlighted, tabbed copy in my cube at all times. Keep in mind, this book is updated as DP systems are updated, so don't get the earlier editions (i.e., the Second Edition in the gray and black cover), which are obsolete. You only need one book on JCL: this one is it.
Posted in Programming (Wednesday, July 9, 2008)
Written by Graeme Rocher. By Apress.
The regular list price is $39.99.
Sells new for $17.17.
There are some available for $16.10.
5 comments about The Definitive Guide to Grails (Definitive Guide).
- Really great book!
It shows not only how fast and easy Web application development can be on the Java platform, which you may expect as this is the book description, but also that Grails perfectly combines quality and productivity. High-quality applications need to be easily testable with automation. Authors presenting new technologies often forget this point, but not Graeme, who shows through the whole book how to take care of the quality of your application and even dedicates a special chapter to testing.
- I'm new to groovy/grails and hoped that the book would help me progress beyond the basic examples. Unfortunately this was not the case, as from about page 160 or so I was unable to keep my version of the bookmark application working (using grails 0.5.6). I even downloaded the source for the book and that would not run either. As a suggestion the book source code should be organized via chapter. In that way it is easier to follow the changes as the application is developed.
Having given this book a low rating, it's clearly going to be a great work once the second edition is published (hopefully shortly after the grails 1.0 release). Generally the text was well written, and very informative, and I'll be buying the second edition when it does come out! As a previous poster noted, how Graeme finds the time to do all that he does is amazing.
As to grails, I think it's got real potential, coupled with AJAX and grails should be a killer app - sorry framework.
- Today's enterprise Java development is complex, tedious and challenging. In spite of numerous frameworks including Spring framework and HIBERNATE trying to address this complexity and make development simple, the truth is it is not simple. The Java developer community deserves a true framework built on very similar agile development principles that Ruby on Rails was built upon; DRY, Convention over Configuration and Boilerplate Code Generation.
Grails combines the power of Java, Groovy, Spring, HIBERNATE and more under the covers and brings out a true framework that increases your productivity to great levels.
This book clearly explains the concepts. Though some of the material and examples are a little old compared to the latest Grails release, it is worth reading this book to understand the concepts. It will change the way you think and build Java applications.
A must read by every Java professional.
- I picked up Graeme's Grails book while in a Barnes & Noble store recently, while waiting out the evening rush hour in Silicon Valley. I've already been fiddling with Ruby on Rails and like it, and although I'd heard of Grails I instinctively thought it couldn't measure up to RoR as a framework. Wow, was I wrong. Graeme does a very good job in explaining and demonstrating how Grails makes it drop dead simple to whip up simple web apps, while also providing a nice compact intro to Groovy the language. The reason I give the book 5 stars is that Graeme clearly understands the real world of app development, and at a higher level, Graeme and his Grails framework takes us a huge leap closer to the Promised Land of computing: when you want it simple, it's simple with sensible defaults, but when you need or want to dive deeper, Grails lets you do that. I could have used Grails and its seamless on demand integration with Java and custom Java libraries many, many times in the past. The thing I kept wishing, when looking at Zope, Ruby on Rails and friends is for some clean way to tap into all the business logic that organizations have spent a decade investing in, via Java and J2EE development. Grails does that! The book is well paced, and I'm very glad I bought it.
- Reading the theory and having no intention to do a real project is fine, but when you run the book's single example it fails at every step, and on top of that Grails suggests running grails update, which makes things worse, as this is the only reference. It could have been a good book, but there is a huge jump from the basic grails create-app to a full-scale app. If anybody has the working example, I will appreciate using it.
Posted in Programming (Wednesday, July 9, 2008)
By Syngress.
The regular list price is $59.95.
Sells new for $48.49.
There are some available for $56.98.
2 comments about PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance.
- When I first received this book from Syngress I was very excited. I knew nothing about PCI compliance -- other than it was big ticket item and everyone processing Visa transactions was affected in some way because of it. I can honestly say that I tore through this book and didn't put it down until I reached chapter 13. I was completely wrapped up in it as it was something I knew nothing about and wanted to know more!
Chapters 1 through 3 introduce you to the concepts behind PCI compliance including what it is and who needs to comply. These chapters really set the stage for what the rest of the book has to offer the reader.
Chapter 4 provides a technology overview of firewalls, intrusion systems, antivirus solutions, and common system default settings. Personally I felt that Chapter 4 was filler content just to add a chapter. It may, however, serve as a good reference for those in management roles who do not have "hands-on" interaction with the architecture of their environment.
Chapter 5 explains how to go about protecting your cardholder data as dictated by PCI requirements 3 & 4. This is a great chapter for anyone new to securing infrastructure to meet the requirements of a PCI audit. The authors also provide a fantastic section entitled "The Absolute Essentials" which offers suggestions on the minimum protection you can employ to protect your cardholder data.
Chapter 6 was by far my most favorite chapter and Syngress has offered it as a free download from their website. Many of you know what I do for a living and know how important understanding logging and requirements for logging is for my day-to-day duties. This chapter focuses around PCI Requirement 10 which details how you must handle the log data collected in your PCI environment. As soon as I started reading this chapter I knew that Dr. Anton Chuvakin had written this section of the book, or at least had a heavy insight into its direction. This chapter alone makes the book worth its weight in gold.
Chapter 7 details the importance of access control in your PCI environment. For obvious reasons, access to your cardholder data must be recorded and checked with a fine tooth comb. User privileges, authentication, authorization, and user education is also covered in this chapter. This chapter goes further to provide examples of ensuring your Windows, Unix/Linux, and Cisco infrastructure meet PCI requirements.
Chapter 8 explains how to leverage vulnerability management solutions to meet the requirements outlined in sections 5, 6, and 11 of the PCI requirement. The authors also provide two very good case studies to help the reader put things into perspective.
Chapter 9 focuses on the monitoring and testing of your environment. The authors are quick to point out that monitoring and testing must continue even after the audit in order to ensure you remain compliant.
Chapter 10 details how to drive your PCI project from the business side in order to ensure you accomplish your objectives. Suggestions are provided on budgeting time and resources, keeping staff in the loop, and justifying the business case to your executive team. The authors also offer a step-by-step "checklist" for ensuring your project runs smoothly and that all of your bases are covered.
Chapter 11 explains the various responsibilities within the organization for ensuring the PCI project succeeds. One of the key things to take away from this chapter is the role of the Incident Response team and its need to understand the requirements of PCI compliance.
Chapter 12 is a really good "eye-opener" that prepares you for the failure of your first audit. The key thing to take away from this chapter is to not blame the auditor, the same way you shouldn't blame a referee in sports. They're simply there to do their job to the best of their ability. If you have a problem with the way they are doing their job, bring it up with their superior. Perhaps their decision will get overturned?
Chapter 13 brings you into an "OK, now what?" phase. This chapter provides a detailed overview of the various requirements and breaks each requirement into "Policy Checks" and "Hands-on Assessments" sections. The policy checks discuss policies that should be reviewed to verify that they are up-to-date, and the hands-on assessments sections give ideas on testing these policies. The beauty part is that the authors suggest open source solutions to help you protect your PCI-compliant investment.
I give this book 5 stars as it is the best PCI reference I have found on the market. Everything I found in this book will allow me to understand the compliance requirements of my existing customers, their process, and their overall goals. Hats off to the entire team of authors.
- It has long been rumored that manufacturers of items such as razors and batteries specifically produce their products at an inferior level in order to ensure repeat business. A similar paradox is occurring in the information security space, where many are complaining that the PCI Data Security Standard (PCI DSS) is too complex and costly. What is most troubling is that such opinions are being written in periodicals and by people that should know better.
PCI came to life when Visa, MasterCard, American Express, Diner's Club, Discover, and JCB collaborated to create a new set of standards to deal with credit card fraud. PCI requires that all merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, be required to be compliant with the PCI DSS. If they are not compliant, they can face monetary penalties and/or have their card processing privileges terminated by the credit card issuers.
The primary purpose of PCI is to force organizations to embrace common security controls to protect credit card data and reduce fraud and theft. The following are the six primary control areas and 12 specific requirements of the PCI DSS:
Build and maintain a secure network
1. Install and maintain firewall configurations
2. Do not use vendor-supplied or default passwords
Protect cardholder data
3. Protect stored data
4. Encrypt transmissions of cardholder data across public networks
Maintain a vulnerability management program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to need-to-know
8. Assign unique IDs to each person with computer access
9. Restrict physical access to cardholder data
Regularly monitor and test networks
10. Monitor and track all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy
12. Maintain a policy that addresses information security
A quick review of these 12 items shows that PCI is a textbook example of the fundamentals of information security. With that, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is an excellent resource that provides the reader with all of the fundamental information needed to understand and implement PCI DSS.
The book's 13 chapters provide the reader with a comprehensive overview of all of the details and requirements of PCI. The first three chapters provide an overview of the basics about PCI and the basic requirements of the standard. The following six chapters go into detail about each of the primary control areas.
In particular, chapter 6 provides a good overview of the PCI logging requirements. This requirement can be time-consuming to put into place. The author notes a commonly overlooked but essential requirement, namely that of accurate and synchronized time on network devices. Enterprise information network and security infrastructure devices are highly dependent on synchronized time, and PCI recognizes that correct time is critical for transactions across a network.
In a further discussion about synchronized time in chapter 9, the author unfortunately makes an error when he states that local hardware is considered a stratum 1 time source since it gets its time from its own CMOS. From an NTP perspective, only a device that is directly linked to a stratum-0 device is called a stratum-1. CMOS clocks are notoriously inaccurate and can't be relied upon.
The title of chapter 12 is both amusing and accurate: "Planning to fail your first Audit". The irony is that so many organizations lack a CISO or formal business security program in place designed to protect corporate information assets. They don't focus on information security as a process, rather as a set of products or regulatory items to be checked-off. Yet, these same organizations are surprised when they fail an audit.
The book concludes in chapter 13 with the well-known observation that security is a process, not an event. The book astutely notes that it is impossible to be PCI compliant without approaching security as a process. Trying to achieve compliance without integrating the various aspects in an integrated fashion is bound to fail.
Overall, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is a great book for one of the most sensible security standards ever. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find the book to be quite valuable.
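The reviewer's two technical points, that PCI requires accurate and synchronized time on every in-scope device and that a host disciplined only by its own CMOS clock is not a real stratum-1 source, are the kind of thing an assessor checks by hand on each host. The following is an added example (not code from the book or from the reviewer) of a small Python check that parses the system variables ntpd prints for `ntpq -c rv` and flags hosts that are unsynchronised, that are serving time from their own local clock (refid `LOCL`), or whose stratum or offset exceeds a chosen policy threshold. The three sample outputs are constructed for the example, and the exact field layout is an assumption taken from ntpd's usual format rather than from the page.

```python
"""Flag hosts whose NTP state would not satisfy a synchronized-time control.

Added example; the sample outputs below are constructed, not captured.
"""
import re

# Constructed in the style of `ntpq -c rv` (ntpd system variables).
GOOD_HOST = (
    'associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,\n'
    'version="ntpd 4.2.8p15", processor="x86_64", system="Linux",\n'
    'leap=00, stratum=2, precision=-23, rootdelay=12.345, rootdisp=30.100,\n'
    'refid=192.0.2.10, offset=-0.412, frequency=3.210\n'
)
# A host "synchronised" only to its own hardware clock: refid LOCL, no
# upstream server. This is the case the reviewer says is not stratum 1.
LOCAL_ONLY_HOST = (
    'associd=0 status=0615 leap_none, sync_local, 1 event, clock_sync,\n'
    'leap=00, stratum=11, precision=-23, rootdelay=0.000, rootdisp=10.500,\n'
    'refid=LOCL, offset=0.000, frequency=0.000\n'
)
# A host that never synchronised: leap alarm and stratum 16.
UNSYNCED_HOST = (
    'associd=0 status=c011 leap_alarm, sync_unspec, 1 event, freq_not_set,\n'
    'leap=11, stratum=16, precision=-22, rootdelay=0.000, rootdisp=12.100,\n'
    'refid=INIT, offset=0.000, frequency=0.000\n'
)

# key=value pairs; values may be double-quoted (version="ntpd ...").
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')


def parse_ntp_vars(text):
    """Return a dict of name -> value plus a '_flags' set of bare status words."""
    variables = {m.group(1): m.group(2).strip('"') for m in KV_RE.finditer(text)}
    flags = set()
    for token in re.split(r'[,\n]', text):
        token = token.strip()
        # Words such as sync_local or clock_sync carry no '=' sign.
        if token and '=' not in token:
            flags.add(token)
    variables['_flags'] = flags
    return variables


def assess_ntp(text, max_stratum=4, max_offset_ms=500.0):
    """Return a list of findings; an empty list means the host passes the check.

    max_stratum and max_offset_ms are policy values chosen for this example.
    """
    v = parse_ntp_vars(text)
    findings = []
    stratum = int(v.get('stratum', 16))
    refid = v.get('refid', '')
    flags = v['_flags']

    # Stratum 16 (or a leap alarm) means ntpd has no usable time source.
    if stratum == 16 or v.get('leap') == '11':
        findings.append('clock is not synchronised (stratum 16 / leap alarm)')

    # A LOCL refid means the host is disciplining itself from its own
    # hardware clock, so its stratum number says nothing about accuracy.
    if refid in ('LOCL', 'LOCAL') or 'sync_local' in flags:
        findings.append('synced to its own local clock (refid LOCL), '
                        'not to the NTP hierarchy')

    if stratum != 16 and stratum > max_stratum:
        findings.append(f'stratum {stratum} exceeds allowed maximum {max_stratum}')

    offset = abs(float(v.get('offset', 0.0)))  # ntpd reports offset in ms
    if offset > max_offset_ms:
        findings.append(f'offset {offset:.1f} ms exceeds {max_offset_ms} ms')
    return findings


if __name__ == '__main__':
    for name, sample in (('good', GOOD_HOST), ('local-only', LOCAL_ONLY_HOST),
                         ('unsynced', UNSYNCED_HOST)):
        result = assess_ntp(sample)
        print(f'{name}: {"PASS" if not result else "FAIL"} {result}')
```

Run against real hosts, the text passed to `assess_ntp` would come from `ntpq -c rv` on each in-scope system; the threshold arguments are where an organisation's own time-sync policy goes.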