Beautiful Security: Leading Security Experts Explain How They Think

List Price: $39.99
Our Price: $29.55
You Save: $10.44 (26%)
Availability: Usually ships in 1-2 business days
Category: Book

Book Summary Information

Editor: Andy Oram
Editor: John Viega
Edition: Paperback
Audio: English (Unknown); English (Original Language); English (Published)
Published: 2009-05-05
ISBN: 0596527489
Number of pages: 304
Publisher: O'Reilly Media
Product features:
  • ISBN13: 9780596527488
  • Condition: New

Book Reviews of Beautiful Security: Leading Security Experts Explain How They Think

Book Review: An eye-opening book that will challenge you
Summary: 5 Stars

Books that collect chapters from numerous expert authors often fail to do more than be a collection of disjointed ideas. Simply combining expert essays does not always make for an interesting, cohesive read. Beautiful Security: Leading Security Experts Explain How They Think is an exception to that and is definitely worth a read. The book's 16 chapters provide an interesting overview of the current and future states of security, risk and privacy. Each chapter is written by an established expert in the field and each author brings their own unique insights and approach to information security.

A premise of the book is that most people don't give security much attention until their personal or business systems are attacked or breached. The book notes that criminals often succeed by exercising enormous creativity when devising their attacks. They think outside of the box which the security people built to keep them out. Those who create defenses around digital assets must similarly use creativity when designing an information security solution.

Unfortunately, far too few organizations spend enough time thinking creatively about security. More often than not, it is simply about deploying a firewall and hoping the understaffed security team can deal with the rest of the risks.

The 16 essays, arranged in no particular theme, are meant to show how fascinating information security can be. This is in defense to how security is often perceived, as an endless series of dialogue boxes and warnings, or some other block to keep a user from the web site or device they want to access. Each of the 16 essays is well-written, organized and well-argued. The following 4 chapters are particularly noteworthy.

Chapter 3 is titled Beautiful Security Metrics and details how security metrics can be effectively used, rather than simply being a vehicle for creating random statistics for management. Security metrics are a critical prerequisite for turning IT security into a science, instead of an art. With that, author Elizabeth Nichols notes that the security profession needs to change in ways that emulate the medical profession when it comes to metrics. She notes specifically that security must develop a system of vital signs and generally accepted metrics in the same way in which physicians work. The chapter also provides excellent insights on how to use metrics, in addition to high-level questions that can be used to determine how effective security is within an organization.

Chapter 6 deals with online advertising and the myriad problems in keeping it honest. Author Benjamin Edelman observed a problem with the online supply chain world, as opposed to the brick and mortar (BAM) world, in that BAM companies have long-established procurement departments with robust internal controls, and carefully trained staff who evaluate prospective vendors to confirm legitimacy. In the online world, predominantly around Google AdSense, most advertisers and advertising networks lack any comparable rigor for evaluating their vendors. That has created a significant avenue for online advertising fraud, of which on-line advertising is a victim.

Edelman writes that he has uncovered hundreds of online advertising scams defrauding hundreds of thousands of users, in addition to the merchants themselves. The chapter details many of the deceptive advertisements that he has found, and shows how web ads that tout something for free are most often far from it.

Chapter 7 is about PGP and the evolution of the PGP web of trust scheme. The chapter is written by PGP creator Phil Zimmermann, and current PGP CTO Jon Callas. It has been a long while since Zimmermann has written anything authoritative about PGP, so the chapter is a welcome one. Zimmermann and Callas note that while a lot has been written about PGP, much of it contains substantial inaccuracies. The chapter provides invaluable insights into PGP and the history and use of cryptography. It also gives a thorough overview of the original PGP web of trust model, and recent enhancements that bring PGP's web of trust up to date.

Chapter 9 is one of the standout chapters in the book. Mark Curphey writes about the need to get people, processes and technology to work together so that the humans involved in information security can make better decisions. In the chapter, Curphey deals with topical issues such as cloud computing, social networks, security economics and more. Curphey notes that when he starts giving a presentation, he does it with the following quotation from Upton Sinclair -- "it's difficult to get a man to understand something when his salary depends on him not understanding it". He uses the quote to challenge listeners (and readers in this case) to question the reason why they are being presented the specific ideas, which serves as a reminder of common, subtle biases for thoughts and ideas presented as fact.

In its 250 pages, Beautiful Security is both a fascinating and an enjoyable read. There are numerous security books that weigh a few pounds and use reams of paper, that don't have a fraction of the real content that Beautiful Security has. With other chapters from industry luminaries such as Jim Routh, Randy Sabett, Anton Chuvakin and others, Beautiful Security is a required read.

For those that have an interest in information security or those that are frustrated by it, Beautiful Security is an eye-opening book that will challenge you, and change the way you think about information security. It is a good book for those who think information security is simply about deploying hardware, and an even better book for those who truly get information security.

Summary of Beautiful Security: Leading Security Experts Explain How They Think

In this thought-provoking anthology, today's security experts describe bold and extraordinary methods used to secure computer systems in the face of ever-increasing threats. Beautiful Security features a collection of essays and insightful analyses by leaders such as Ben Edelman, Grant Geyer, John McManus, and a dozen others who have found unusual solutions for writing secure code, designing secure applications, addressing modern challenges such as wireless security and Internet vulnerabilities, and much more. Among the book's wide-ranging topics, you'll learn how new and more aggressive security measures work--and where they will lead us. Topics include:
  • Rewiring the expectations and assumptions of organizations regarding security
  • Security as a design requirement
  • Evolution and new projects in Web of Trust
  • Legal sanctions to enforce security precautions
  • An encryption/hash system for protecting user data
  • The criminal economy for stolen information
  • Detecting attacks through context

Go beyond the headlines, hype, and hearsay. With Beautiful Security, you'll delve into the techniques, technology, ethics, and laws at the center of the biggest revolution in the history of network security. It's a useful and far-reaching discussion you can't afford to miss.
