Defend I.T. : Security by Example

List Price: $34.99
Your Price: $22.04

Rating: 4 stars
Summary: A good book that's very easy to read and understand
Review: The problem with a lot of security books is that they are either really generic or highly specific. They teach the principles of security as well as the software and hardware that are necessary to help to secure a company, but they are either too generalized or are written with the assumption that every company will always and forever have certain hardware (coughCiscocough) in their organization.

Some books take the opposite view and assume that all companies are equal and therefore can successfully utilize a "one size fits all" methodology. Many of these books also include hypothetical situations of hacks and responses to the attack, but many do not go into a lot of detail or solid explanations of what happened.

But the reality is that every company is different; every network is different; every security vulnerability is different; and attacks are real, not hypothetical.

"Defend I.T.: Security By Example" takes a different approach to corporate security. Rather than state a number of hypothetical and theoretical scenarios for computer attacks, this book instead takes numerous case studies of how real companies were hacked, the methods by which the hackers broke in, and the steps that were taken by each company to remediate the situations. This is not hypothetical information - this is the real deal.

Some of the threats (and the way that they were detected and fought) include VPN hacking, worms, virii, WiFi, war dialing (yes, some people still do that), and even complete computer room failure.

Additionally, the book covers incidents like cyber extortion, executive fraud, and industrial espionage. After all, not all attacks against intellectual property are committed from the outside world.

Each chapter reads the same way for the most part. Each scenario is described in generic terms, followed by the way that the attack was successful, including methods that were used to hide the attack, how the attack was discovered, how the remedies were implemented, and a final section of what lessons were learned from the experience.

One thing about this book that irritated me is the fact that the company names were replaced in order to "protect the innocent". The truth is that there are no innocents in security. We have the hacker, of course, who is obviously not innocent. But when we are dealing with a company (in whom a great deal of trust is placed) that did not take adequate steps to protect their network, that company is not totally innocent either.

These companies might have been companies that you or I deal with regularly. If our private information and money is or was at risk, then we have the right to know about that, not only to determine if we want to do business with that company but also to investigate any follow-up work that was done after the incident.

And as expected the author did not dare to touch the very factual notion that replacing Internet Explorer and Outlook could reduce virus and trojan infection by an order of magnitude at the current time. One thing that I have learned over the years is that security writers are terrified of treading on the toes of the Mighty Bill, and this book unfortunately is no exception.

Regardless, this is a good book to have in every I.T. bookshelf.

Rating: 5 stars
Summary: An important guide to methods of attacks and prevention
Review: There's a virtual war happening between IT professionals and those who use the Internet for destructive purposes ranging from computer crimes and hacking to virus and worm creations, but until now no title has tackled the stories of these events and what was done right or wrong in actual computer security attacks. Ajay Gupta is founder and president of Gsecurity, an expert on cyber security and information protection, and works with Scott Laliberte, leader of Protiviti's National Information Security Practices, to provide an important guide to methods of attacks and prevention. IT professionals and network administrators alike will find Defend I.T. enlightening, telling how to tap the latest computer security practices and understand industry trends. Highly recommended.




© 2004, ReviewFocus or its affiliates