IT Security: Risking the Corporation

by Linda McCarthy

Book Summary Information

Author: Linda McCarthy
Edition: Paperback
Audio: English (Unknown); English (Original Language); English (Published)
Published: 2003-03-06
ISBN: 013101112X
Number of pages: 272
Publisher: Prentice Hall

Book Reviews of IT Security: Risking the Corporation

Book Review: Disappointing; an "audit everything" approach to incidents
Summary: 3 Stars

When I saw Gene Spafford's glowing foreword to "IT Security," I expected a good read. This book did not deliver, and Spafford's suggestion that those seeking "deeper insight" consult "IT Security" rings hollow. I wondered if Spafford even read this very book when he wrote "all too often, management depends on the services or writings of self-professed experts whose whole experience has been in downloading and running pre-packaged penetration tools written by others." (p. xiv) The author's own words fit this mold. Consider these quotes:

"I thought these would be fun systems to break into, just because of the nature of the information stored. My last reason [to run a penetration test] was that I had some new toys I wanted to play with. Brad Powell, a known force in security circles for years, had just passed me some great new break-in tools." (p. 74) This sounds like the very sort of person chastised by Spafford.

I was also appalled by the author's readiness to disparage her clients. Consider these, from three "real security audits":

"Did the company consider legal data and financial data unimportant to secure? Or were Kenji and Dawn simply clueless?" (p. 75)

"In my opinion, he was a real loser." (p. 61)

"Joseph clearly fit into what I call the big-L category, and that's 'L' for loser." (p. 102)

Beyond these choice words by a consulting "professional," the author demonstrates no concept of proper incident response procedures. Anyone following her example will destroy evidence and corrupt investigations. In chapter 2, she "helps" an ISP known to be suffering extensive compromise: "within seconds, I had broken root and gained full control of their main sever." (p. 25). What sort of incident response expert collects evidence by breaking into a suspect system? Similar "advice" appears in chapter 3, where "arguably the best security guru in the company" responds by "testing the network for security vulnerabilities" during the latest crisis.

"IT Security" also shows a lack of understanding regarding IDS operations and the security "big picture." The author casually writes "Most IDS can detect the attack only if a signature exists. Sounds silly if you think about it. . . Make sure your IDS can detect new zero-day attacks." (p. 11) While this may make sense on the surface, this breezy statement has no supporting advice and is of little help. The author then claims "You need to know when your company last did a security audit. That is the only way to be sure that your systems are secure." (p. 27). The only thing an audit reveals is the level of risk the day the audit completed. Security is a journey, not a destination!

I rated "IT Security" three stars because the "Let's Not Go There" sections actually contain good advice. Beware the rest of the material.

Summary of IT Security: Risking the Corporation

Security is more about people and policies than about techie details. Linda McCarthy's IT Security: Crimes and Misdemeanors gives you more than the title promises. It is not only a collection of enlightening case studies based on real security audits; the author also gives a brief and to-the-point analysis of the real risks in the way systems are installed, configured, supported and managed. The book deliberately does not go into technical details, so anyone who is interested in network security will find it easy to read. It discusses and documents the importance of a security policy and the impact of organizational politics, and includes actual transcripts of break-ins and checklists of preventive security measures. It won't come as news to IT pros that cybercrime is soaring. But a new slate of stats reveals just how bad the situation really is. Research firm Computer Economics predicts computer crime will more than double this year while virus incidents are expected to increase by 22 percent.
