Showing posts with label e-commerce. Show all posts

4/23/2012

The Executive Guide to Information Security: Threats, Challenges, and Solutions Review

The Executive Guide to Information Security: Threats, Challenges, and Solutions
A fun book on security for executives and managers? Unbelievable, you'd say? This one ("The Executive Guide to Information Security") comes pretty close.
On the down side, do not look at this book for technology coverage. Almost total lack of coverage of intrusion prevention, spyware, spam as well as some Symantec bias (understandable, considering the publisher) make this book much stronger on the policy, process and "big picture" coverage rather than on modern technical threats and countermeasures. Slightly confusing coverage of vulnerability management also falls in the same category. However, given the target audience of CEOs and CFOs, this is certainly excusable.
The book introduces the executives to basic security concepts such as "defense-in-depth", "people, process, technology", etc, and goes into details on using them for organizing security for their organizations.
I also appreciated the sections on planning and executing a security strategy and measuring security by using various included checklists and questionnaires. The 50-point security evaluation framework based on "best practices" was another valuable piece. The book also addresses one of the important questions of organizational security: in-house vs outsourced security.
Regulations and laws also occupy a significant part of the book. The coverage is high-level and provides few details, appropriate given the target audience. A section on future security was pretty insightful and enjoyable to read!
Overall, I think the book will be one of the first (and, so far, best) books about security for the "C-level" crowd.
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org



The book provides a pragmatic approach to evaluating security at a company and putting together an effective information security program. The book focuses on three key themes; People, Processes, and Technology and is organized according to the steps executives would follow in order to develop an information security program for their company. Key elements of the program include staffing this function at a company, putting the necessary internal processes in place, and implementing the appropriate technology. Business executives will find this book a good primer for understanding the key existing and future security issues, and for taking the necessary action to ensure the protection of their enterprise's information assets. The objective of this book is to provide a "short cut" for executives to learn more about information security and how it will affect their business in the future. An overview of information security concepts is provided, so they can be better prepared to evaluate how their company is addressing information security.


4/15/2012

Mapping Security: The Corporate Security Sourcebook for Today's Global Economy Review

Mapping Security: The Corporate Security Sourcebook for Today's Global Economy
Creating an effective information security infrastructure for a large multi-national company is a challenge. Above and beyond the technology, the software, and the hardware, there are non-tangibles, specifically the cultures and laws where the security solutions, people, and technology will be deployed. Deploying technology without considering the local environment and culture is a sure-fire way to undermine a project.
Today's technology infrastructure is getting more and more complex. Companies are more global with more porous borders. Outsourcing is increasing dramatically, creating an additional need to understand the cultures in the remote locations.
Given all that, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a valuable guidebook to deploying information security outside of the United States. Author Tom Patterson is a former Big 4 Information Security partner whose job responsibilities saw him living abroad for much of his adult life. The book is not so much a network security title, but rather a guide to performing the business of security across various cultural and physical borders. Mapping Security is a management-level source book for companies and organizations that do - or plan to do - business outside of the United States. Patterson takes his years of living abroad, his successes and his failures, his war stories, and his challenges, and maps them into a usable framework so the reader can better deploy an information security program.
In the book, Patterson details the various opportunities and challenges in each geographic sector across the globe and provides security best practices, rules, and customs for 30 countries. Patterson does a good job of explaining how and where Americans are often perceived to be arrogant by having an overly U.S.-centric view of things.
The book is divided in three parts. Part 1 details the manner in which an effective information security infrastructure can be developed. Chapters 1 through 7 show the necessary steps to building an effective security culture. The book, especially Part 1, is focused not so much on specific technology but rather the processes in which to develop such a security infrastructure.
The heart of the book is in Part 2 where Patterson details his Mapping Security Index (MSI). The function of the MSI is to provide the reader with a metric to determine how an organization can perform security functions in a different country. The book has an MSI for 30 countries, but it does not detail every country, only those where U.S. organizations are likely to do business.
Patterson's expertise comes from living abroad extensively and bringing to the table how business should be done in whatever country you are dealing with. Two of the countries with the highest MSI are Netherlands (90) and Canada (93), with Russia (26) and Saudi Arabia (32) at the bottom. The main advantages of the Netherlands and Canada are that they both have a safe, stable, and effective infrastructure in which to build an information security organization.
Russia, on the other hand, while having a strong technical outsourcing potential has a legal and technical infrastructure that is significantly lacking. Additionally, most other business services are not yet on par with the rest of the region. As to Saudi Arabia, Patterson notes that while it provides a growing domestic marketing, it is an extremely difficult security partner to deal with and has very little cross-border activity. There is extremely little opportunity for women when it comes to the region. He notes that it is practically impossible for women to do business there and observes that "surrendering gender equity is simply the cost of doing business in Saudi Arabia".
Part 3 of the book deals with the challenge of mapping various laws and regulations from different countries. Part of the challenge and headache is dealing with laws from different countries that are contradictory. For example, one country might require an organization to capture and report customer information, while another country forbids it. The question becomes whose law do you break? That is not an easy question to answer, but it is one that needs to be considered.
The author notes that security standards and regulations are the biggest drivers for security around the world and a misstep in dealing with regulations can create the scenario where one could face business impairments, fines, or even prison.
Overall, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a very valuable reference guide for anyone who needs to deal with information security in different countries and cultures. By relating security to the international community, the book enables the reader to avoid making those mistakes that can sink a security project.
Patterson has a keen business insight, and the book provides many of his war stories (from illegal barbeques in Germany to an innocuous racial faux pas in South Africa). The book is not overly technical in nature and is both entertaining and informative. For anyone that plans to deploy security outside of the United States, Mapping Security should be required reading.



10/20/2011

Electronic Commerce: Principles and Practice Review

Electronic Commerce: Principles and Practice
Hossein Bidgoli's Electronic Commerce: Principles and Practice is a comprehensive reference and analysis of a phenomenon that has globally revolutionized economics as we know it: e-commerce, the buying and selling of goods and services over the Internet, potentially to anywhere in the world. Among the many specific issues addressed by this fantastic guide are marketing and advertising on the World Wide Web, security issues, legal and tax issues, and how to build a successful e-commerce site. Projects and exercises to test your understanding conclude each chapter. The text's wording is straightforward, deliberately geared toward people who have had little or no experience with the Internet, and clear enough for the lay person to easily understand; anyone with a little spare time can use Electronic Commerce to teach themselves the same basic knowledge offered in entry-level seminars for hundreds of dollars of tuition. Electronic Commerce covers everything except how to create a webpage in HTML or write programs with specific computer languages/software, and is an invaluable, basic primer for anyone who is new to the art and skill of doing business over the Internet!


8/28/2011

Computer Security: Principles and Practice Review

Computer Security: Principles and Practice
Stallings and Brown direct the book at a computer professional, who might be a programmer or system administrator. The book deliberately minimises the mathematical aspects. Much of the topic consists of layers above sophisticated encryption algorithms. Alas, a detailed treatment of the latter often requires heavy math background. If you do desire such a treatment, I recommend Matt Bishop's Introduction to Computer Security. That book was deprecated by some reviewers, who found it too mathematical.
Anyway, back to Stallings and Brown. It does proffer good technical explanations of various malware. Like worms and viruses. And attack modes like Denial of Service, and Distributed Denial of Service. Important variants are also covered - reflector and amplifier attacks.
Countermeasures to malware then naturally enter the narrative. So you learn how a firewall functions. Plus how to set up a honeypot to attract spam, phishing and malware.
So far, the above might be regarded as external attacks on your system. Sometimes, worms or viruses might try to take advantage of weaknesses in installed programs. Hence, another section of the book is for those of you who write such programs. Explaining how to guard against buffer and stack overflows, for example. These 2 are perhaps the most common entry points for malware.
