REVIEW: "How to Cheat at Managing Information Security", Mark Osborne
- BKHTCMIS.RVW 20080219
"How to Cheat at Managing Information Security", Mark Osborne, 2006,
%A Mark Osborne www.interoute.com
%C 800 Hingham Street, Rockland, MA 02370
%I Syngress Media, Inc.
%O U$39.95/C$51.95 781-681-5151 www.syngress.com amy@...
%O Audience i Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 315 p.
%T "How to Cheat at Managing Information Security"
The introduction states that this book is intended to cover the basic
concepts of information security, and fundamental information about
the tools involved.
Chapter one discusses where the security function should be placed in
organizational structures. What a policy is, and isn't, as well as
what it does and does not do, is reviewed in chapter two. Some basic
terms and concepts are described in chapter three, although the level
of the material varies quite a bit. Chapter four looks at some UK and
US laws related to information security. Terse (but, within limits,
realistic) comments on some of the major and popular security
frameworks are provided in chapter five.
Chapter six is a set of anecdotes from some really bad job interviews.
Osborne uses a lot of anecdotes, at least one at the beginning of
every chapter. The stories are amusing, but really don't serve to
support or cement any of the security points under discussion.
Chapter seven outlines some security aspects of network topology. The
advice is decent, but there are too many diagrams that are poorly
explained. Firewall concepts are presented in chapter eight, but
largely from a vendor perspective. Chapter nine takes a much more
realistic look at intrusion detection systems than is usually the
case, noting that the devices are not a panacea for security overall
and require a number of factors that are seldom noted in the general
literature. More details of implementing the technology are given in
chapter ten. Chapter eleven, I am delighted to see, addresses the
difficulty in defining the term "intrusion prevention system," and
then goes on to list the variety of technologies that may exist under
that banner. The practicalities and problems of penetration testing
are examined in chapter twelve. Some application security issues are
briefly described in chapter thirteen.
While not a complete guide to information security, this book does
provide a solid starting point, and useful tips that are often missed
in a number of the works that have been thrown on the security
bandwagon. I would not have a problem in recommending it to those who
are in the initial stages of securing their own networks, as long as
they have a basic knowledge of system administration.
copyright Robert M. Slade, 2008 BKHTCMIS.RVW 20080219