Corporate Computer and Network Security

Customer Reviews:

Excellent for Management level.......2006-03-19

I just finished reading this one and I found it to be very helpful for a person trying to find management level understanding of security, I have been working with networking and security for the last 10 years of my life and it has been very helpful to pinpoint several management aspects that technology savvy people (I prefer that over geek) usually don't follow or look at. I enjoyed the explanations, everything was very easy to read and understand, the introduction to cryptography is simply one of the best I have found out there. Again, if you are a technical guru looking for technical advice there is no much use to it in this book, OS, Networks and other practitioner level stuff are not well defined, simply mentioned for reference or examples. Another part I liked about it was the level of detail that the author had to reference the attacks and statistics, which a lot of us love to read and know about. Finally, make sure to get edition 5 of the book, I am referring to edition 4, I am sure that there is a lot to cover in a couple years regarding security and the way to go about it. I got the book from the university package so I wont be getting the new one, it's simply overpriced in my opinion.

Network Security?.......2005-01-21

I purchased a copy of this book for a network security class. In a way it has been a great read, for humor. The terms and programs are dated at best, made up at worst. An example, 'drive-by hacking,'I have NEVER seen this anywhere. It is commonly refered to as 'war driving,' showing its lineage to 'war dialing' or 'Snooping'. I have worked in IT security for the past 3 years and I find this book insulting. But, for a plus, it is a convenent size to use as a clip board, and it does hold papers down on my desk well.

Great book..........2004-11-06

This is an excellent book -- really gives you a security mindset. Informative, yet still an easy read. The only think I didn't like is the price of the book -- but I bought it using a coupon from UnderTag.com, so it ended up being a bargain for me!

Importance of Information Security Mgt. and Policies........2003-11-15

In Information Security it is about how well one could manage the tools and security resources at hand. Author is able to present an excellent picture of how important security policies and management pratices are for any organisation. Technologies change so rapidly that it is hard for any book to keep up with them but a book like this would be useful for Information Security professional in any era as its concepts are generic.

An excellent book.......2003-11-02

This is an excellent book talking about the up to date issues about security. The book is very organized and concise, allowing readers to follow the author's concept easily. The "Test Your Understanding" sections within each chapter are good tools for readers to recap their understandings. This book is highly recommended.

Book Description

The evidence is in--to solve Windows crime, you need Windows tools

An arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV's CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.

Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.
* Identify evidence of fraud, electronic theft, and employee Internet abuse
* Investigate crime related to instant messaging, Lotus Notes(r), and increasingly popular browsers such as Firefox(r)
* Learn what it takes to become a computer forensics analyst
* Take advantage of sample forms and layouts as well as case studies
* Protect the integrity of evidence
* Compile a forensic response toolkit
* Assess and analyze damage from computer crime and process the crime scene
* Develop a structure for effectively conducting investigations
* Discover how to locate evidence in the Windows Registry

Customer Reviews:

In a world with few Windows-specific options, this is a helpful forensics book.......2006-10-10

I decided to read and review three digital forensics books in order to gauge their strengths and weaknesses: "File System Forensic Analysis" (FSFA) by Brian Carrier, "Windows Forensics" (WF) by Chad Steel, and "EnCase Computer Forensics" (ECF) by Steve Bunting and William Wei. All three books contain the word "forensics" in the title, but they are very different. If you want authoritative and deeply technical guidance on understanding file systems, read FSFA. If you want to focus on understanding Windows from an investigator's standpoint, read WA. If you want to know more about EnCase (and are willing to tolerate or ignore information about forensics itself), read ECF.

In the spirit of full disclosure I should mention I am co-author of a forensics book ("Real Digital Forensics") and Brian Carrier cites my book "The Tao of Network Security Monitoring" on p 10. I tried to not let those facts sway my reviews.

WF is a great guide to forensic investigation of Windows. By this I mean WF presents Windows from the perspective of the important directories, files, and registry entries that help an analyst discover malfeasance. WF also covers some of the core applications one would expect to review during host-based forensics, like email, Web browsing history, and P2P application usage. I expected coverage of popular Windows application formats relevant to investigations, like .doc, .ppt, and .xls, but those were missing.

WF addresses the core operational aspects of host-centric forensics, like forming a team and acquiring evidence from live and dead targets. I did not think these sections were as good as material from what I consider the book best suited for all-around hands-on forensic use -- "Incident Response: Computer Forensics, 2nd Ed" by Mandia, Prosise, and Pepe. Live response is one area where I thought WF didn't shine too brightly. I did like the frequent mini-case studies which shared stories from the author's investigative experiences.

A few other aspects of WF resulted in me offering a four star review. I thought the discussion of "vampire taps" on p 157 revealed a real lack of contact with modern network monitoring methods. I don't know anyone who uses or recommends such a contraption in an era of network taps. I continue to question the need to build so-called "sniffing cables," especially when proper interface configuration serves the same purpose. Furthermore, a remotely managed sensor will not be able to hide its traffic on the network anyway, so savvy intruders can usually find them (unless a completely separate management network is run out-of-band). "Chapter 7" was also way too short -- 2 pages!

Although I liked the case studies, I thought there were far too many "gray box" entries. These contain useful hints, but their frequent appearance sometimes interrupted flow of the book. This indicates a need for better organization. Finally, I felt the recent Syngress book "Winternals" did a decent job explaining how to analyze malware, rootkits, and rogue processes on Windows. WF didn't explore this key aspect of Windows incident response.

Overall, however, I would recommend reading WF if you need to understand data sources from Windows systems. I suggest concentrating on the sections that explain where you'll find quality information on Windows, and rely on other sources for generic forensics guidance. I could see readers using WF as a primer for learning about key Windows artifacts, then searching for them in the image files in "Real Digital Forensics."

Finally, the right book for Windows forensics.......2006-06-03

I have to say, like the next geek, I get frustrated by the lack of Linux/Unix use on the desktops of the corporate world; however, the fact is that Windows desktops outnumber Linux/Unix desktops by way more than 100:1. For this reason, it has been very frustrating to me that so many security books focus on Linux/Unix. I don't care if it's the best platform (though I agree); it's not the most common and we need tools on and for Windows.

This book tells you how Windows file systems work and how to perform forensic analysis on these systems. However, it's more than this - it is a great all around book on forensics analysis and the computer crime investigation process. I highly recommend this resource.

Tom Carpenter - Author: CWSP Certification Official Study Guide

Excellent focus on corporate security.......2006-05-24

Just read through my copy of this book. I do Cisco work as a CCSE and SANS certified network security specialist, but have been called on to do some investigations at work as the resident "security geek".
I read Brian Carrier's book on file system forensics, which is much deeper into data structures and is a very good book, but this book gives a better holistic look at investigations. We run a mostly Windows shop, and I'm happy to see a book that doesn't just cover Unix stuff. I want to pick up Windows Forensics and Incident Recovery next and see how they compare.

Definitely recomment!

B2B and Beyond: New Business Models Built on Trust

Average customer rating:

Terrific primer on a complicated subject

B2B and Beyond: New Business Models Built on Trust
Harry B. Demaio
Manufacturer: John Wiley & Sons
ProductGroup: Book
Binding: Hardcover

Corporate Finance | Finance | Business & Investing | Subjects | Books

General | Business & Investing | Subjects | Books

Management | Management & Leadership | Business & Investing | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Manager's Guides to Computing | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Business Books | Trip | Specialty Stores | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
ASIN: 0471054666

Book Description

A groundbreaking guide to forging trusting, mutually beneficial B2B relationships
Companies that have entered into B2B alliances may simultaneously be one and another's customers, suppliers, allies, and competitors. But in today's turbo-charged e-environment, how do companies take full advantage of the many benefits of B2B alliances while avoiding the obvious dangers of allowing potential competitors intimate access to their value chains? In this groundbreaking book Harry DeMaio, Director of Deloitte & Touche's renowned Enterprise Risk Service Practice, answers that question with the revolutionary concept of E-Trust, a proven strategy based on fostering business relationships based on mutual self-interest and trust. Writing for managers and corporate decision-makers, DeMaio explains the current state of B2B in an approachable, entertaining fashion, making difficult concepts easy to grasp. He demonstrates the critical role that trust, privacy, and security issues play in the B2B environment and provides guidance on how companies in various industries engaged in B2B relationships must address their varying security and privacy needs.
Harry DeMaio (Cincinatti, OH) is Director of Deloitte & Touche's Enterprise Risk Service Practice.

Customer Reviews:

Terrific primer on a complicated subject.......2002-03-15

I just finished reading this book and recommend it enthusiastically to anybody interested in how B2Bs and extended enterprises must work in the future. The book is broken down into 3 parts: Part 1 explains how B2Bs interact and how trust plays a critical role, Part 2 discusses the concept of e-Trust and business processes by industry, and Part 3 discusses e-infrastructure, security, and controls on a more technical level. Overall, the author manages to provide clear and comprehensive coverage on an exremely challenging, constantly evolving subject.

Mapping Security: The Corporate Security Sourcebook for Today's Global Economy (Symantec Press)

Average customer rating:

A must for crossborder security professionals
Excellent resource for doing global information security
great security book!
Critical reading for global organizations...
Out of the ordinary census of international security

Mapping Security: The Corporate Security Sourcebook for Today's Global Economy (Symantec Press)
Tom Patterson , and Scott Gleeson Blue
Manufacturer: Addison-Wesley Professional
ProductGroup: Book
Binding: Paperback

General | International | Business & Investing | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Business Books | Trip | Specialty Stores | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Business & Investing | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0321304527

Customer Reviews:

A must for crossborder security professionals.......2005-10-10

I have read this book twice, it was different than anything I have ever seen before. The author uses security generically, blending physical security and information security. Most people do not do that, but I think Patterson is simply a year or two ahead of his time.

The first 1/3 of the book was a bit of a waste for me, sort of a know thyself without little exercises. Then you hit the good stuff.

All Americans should read page 105 at least twice. This is also where the value of this book becomes apparent, I will read this section at least one more time. I don't know how much credence I would put in the Mapping Security Index (MSI), where the author tries to quantify the ROSI of doing business in a particular part of the world or another, but the annecdotal bits are great. I have a much better understanding of why my own company has had such an odd experience doing business in Europe.

If you are an American and you have an IT security position with a company doing business in the wider world ( and who doesn't) then I recommend this book. I also recommend a movie called the Coca Cola Kid. It is a bit off color, but it can really help explain why we make the mistakes we make.

Excellent resource for doing global information security.......2005-05-31

Creating an effective information security infrastructure for a large multi-national company is a challenge. Above and beyond the technology, the software, and the hardware, there are non-tangibles, specificially the cultures and laws where the security solutions, people, and technology will be deployed. Deploying technology without considering the local environment and culture is a sure-fire way to undermine a project.

Today's technology infrastructure is getting more and more complex. Companies are more global with more porous borders. Outsourcing is increasing dramatically, creating an additional need to understand the cultures in the remote locations.

Given all that, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a valuable guidebook to deploying information security outside of the United States. Author Tom Patterson is a former Big 4 Information Security partner whose job responsibilities saw him living abroad for much of his adult life. The book is not so much a network security title, but rather a guide to performing the business of security across various cultural and physical borders. Mapping Security is management-level source book for companies and organizations that do - or plan to do - business outside of the United States. Patterson takes his years of living abroad, his successes and his failures, his war stories, and his challenges, and maps them into a usable framework so the reader can better deploy an information security program.

In the book, Patterson details the various opportunities and challenges in each geographic sector across the globe and provides security best practices, rules, and customs for 30 countries. Patterson does a good job of explaining how and where Americans are often perceived to be arrogant by having a overly U.S.-centric view of things.

The book is divided in three parts. Part 1 details the manner in which an effective information security infrastructure can be developed. Chapters 1 through 7 show the necessary steps to building an effective security culture. The book, especially Part 1, is focused not so much on specific technology but rather the processes in which to develop such a security infrastructure.

The heart of the book is in Part 2 where Patterson details his Mapping Security Index (MSI). The function of the MSI is to provide the reader with a metric to determine how an organization can perform security functions in a different country. The book has an MSI for 30 countries, but it does not detail every country, only those where U.S.organizations are likely to do business.

Peterson's expertise comes from living abroad extensively and bringing to the table how business should be done in whatever country you are dealing with. Two of the countries with the highest MSI are Netherlands (90) and Canada (93), with Russia (26) and Saudi Arabia (32) at the bottom. The main advantages of the Netherlands and Canada are that they both have a safe, stable, and effective infrastructure in which to build an information security organization.

Russia, on the other hand, while having a strong technical outsourcing potential has a legal and technical infrastructure that is significantly lacking. Additionally, most other business services are not yet on par with the rest of the region. As to Saudi Arabia, Patterson notes that while it provides a growing domestic marketing, it is an extremely difficult security partner to deal with and has very little cross-border activity. There is extremely little opportunity for women when it comes to the region. He notes that it is practically impossible for women to do business there and observes that "surrendering gender equity is simply the cost of doing business in Saudi Arabia".

Part 3 of the book deals with that challenge of mapping various laws and regulations from different countries. Part of the challenge and headache is dealing with laws from different countries that are contradictory. For example, one country might require an organization to capture and report customer information, while another country forbids it. The question becomes whose law do you break? That is not an easy question to answer, but it is one that needs to be considered.

The author notes that security standards and regulations are the biggest drivers for security around the world and a misstep in dealing with regulations can create the scenario where one could face business impairments, fines, or even prison.

Overall, Mapping Security: The Corporate Security Sourcebook for Today's Global Economy is a very valuable reference guide for anyone who needs to deal with information security in different countries and cultures. By relating security to the international community, the book enables the reader to avoid making those mistakes that can sink a security project.

Patterson has a keen business insight, and the book provides many of his war stories (from illegal barbeques in Germany to an innocuous racial fax paus in South Africa). The book is not overly technical in nature and is both entertaining and informative. For anyone that plans to deploy security outside of the United States Mapping Security should be required reading.

great security book!.......2005-05-26

Mapping Security is a book written by a security expert who travels the world.

Great info you won't find anywhere else.

Critical reading for global organizations..........2005-05-23

If you're doing business internationally, IT security might be more of a nightmare than you know. This book does an excellent job of helping you through the mine fields... Mapping Security - The Corporate Security Sourcebook For Today's Global Economy by Tom Patterson.

Chapter List:
Part 1 - Charting A Course: Why You Picked Up This Book; Establishing Your Coordinates; Building The Base; Enabling Business And Enhancing Process; Developing Radar; Constant Vigilance
Part 2 - Reality, Illusion, And The Souk: Europe; The Middle East And Africa; The Americas; Asia Pacific; Outsourcing And Your Map
Part 3 - Whose Law Do I Break?: Mapping Solutions; Mapping Law; Mapping Technology; Mapping Culture; Mapping Your Future; Local Security Resources By Country; Index

Patterson takes an approach to global technology security that I've never seen before. He talks about how differing countries, laws, and cultures can all conspire against you when it comes to maintaining (legally!) security for a global organization. Conceptually you probably know that not all laws are the same as the ones in the United States, but you may not know or understand just how different they are. For example, if you have a server in France running an HR or a payroll system and you back up the data to a server outside of the country, guess what? You're in violation of French data security laws. It's that easy...

Part 2 of the book was very interesting. He takes some of more significant countries in terms of global and cross-border commerce and scores them with an index value that takes a number of security issues into consideration. You'll learn that every country, no matter how cheap or technologically adept they are, have significant hindrances that could make or break your business if you're not prepared to deal with them. Language is a major issue, as well as nationality. Even though you may be opening up shop in a country that speaks English, you can usually count on the fact that sending an American over to tell them how to run the security is a bad idea. You need to be able to partner with a local firm or find someone from the country to handle the day-to-day issues in order to make sure all is running well. Patterson covers this and a lot more in the book, and it's actually interesting reading, too. He keeps the conversation with the reader moving along at a decent pace, along with interspersing little sidebars on cross-cultural issues that you may never have considered.

IT security professionals who work for global organizations or who have outsourced operations will do well to pick up a copy of this book to make sure they are abiding by all the laws that could affect them. The book's far cheaper than fines that could be levied by the country whose laws you break.

Out of the ordinary census of international security.......2005-05-12

I'm really impressed by this book. It's a summarization of a lot of valuable research that you can find nowhere else. Which to me is the definition of a great book. The authors take us on a world tour and give us background on the security concerns in all of the different countries. It's fascinating, insightful and even funny at times. A must have for anyone doing applications business globally.

Early Edition Corporate Computer and Network Security

Average customer rating:

Early Edition Corporate Computer and Network Security
Raymond Panko
Manufacturer: Prentice Hall
ProductGroup: Book
Binding: Paperback

General | Business & Investing | Subjects | Books

Management | Management & Leadership | Business & Investing | Subjects | Books

General | Certification Central | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Business Books | Trip | Specialty Stores | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Business & Investing | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
ASIN: 0131017748

TechVenture: New Rules on Value and Profit from Silicon Valley

Average customer rating:

A Good Read!
Insights in every chapter

TechVenture: New Rules on Value and Profit from Silicon Valley
Mohan Sawhney , Ranjay Gulati , Anthony Paoni , and The Kellogg TechVenture Team
Manufacturer: Wiley
ProductGroup: Book
Binding: Hardcover

General | Popular Economics | Business & Investing | Subjects | Books

Corporate Finance | Finance | Business & Investing | Subjects | Books

General | Business & Investing | Subjects | Books

Manager's Guides to Computing | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Amazon Upgrade | Amazon Upgrade | Stores | Books

Business & Investing | Amazon Upgrade | Stores | Books

Computers & Internet | Amazon Upgrade | Stores | Books

Professional & Technical | Amazon Upgrade | Stores | Books
Similar Items:

Kellogg on Technology and Innovation

ASIN: 0471414247

Book Description

Drawn from the popular TechVenture program at the Kellogg School of Management, this book provides a deep understanding of the key finance and business trends in e-commerce

Viewing Silicon Valley as a test lab for e-commerce strategies, this book delivers the latest financial and business models shaping the e-commerce industry. TechVenture focuses on the Silicon Valley phenomenon, the new financial strategies, and evolving e-business models. Each chapter draws from field research and interviews with the top minds in business today, and covers the most recent advances in e-finance, including: technology incubators, start-up funds, measuring intellectual capital, valuation techniques for Internet firms, and emerging technologies. In addition, TechVenture features intriguing and informative case studies and examples of major companies, including Idealab, Merrill Lynch, Pfizer, and Amazon.com. General business and finance readers, as well as those fascinated by the Internet economy, will find TechVenture an invaluable read that is on the cutting edge of e-business.

Mohanbir Sawhney (Evanston, IL) is the McCormick Tribune Professor of Electronic Commerce and Technology at the Kellogg Graduate School of Management, Northwestern University. Mr. Sawhney was recently named one of the twenty-five most influential people in e-business by Business Week magazine.
Ranjay Gulati (Chicago, IL) is the Associate Professor of Management and Organizations at the Kellogg Graduate School of Management and the Director of the Center for Resource on E-Business Innovation.
Anthony Paoni (Chicago, IL) is Associate Professor at the Kellogg Graduate School of Management.

Customer Reviews:

A Good Read!.......2002-09-28

At first glance, Tech-Venture seems like a nostalgic flashback to early 2000. A quick skim through its pages reveals statements like: "Old economy valuation methods, such as discounted cash flows and comparable company multiples, are ineffective for New Economy companies." But don't be fooled, this book is more than just an obsolete relic of the bubble. Once you get past the sections devoted to high-tech start-ups, you'll find a thoughtful examination of technology's role in such critical 21st-century business mainstays as customer relationship management and supply-chain management. For this intelligent analysis, along with equally interesting chapters identifying technologies likely to spawn future revolutions, we from getAbstract recommend this book to managers in business development and technology.

Insights in every chapter.......2001-05-01

TechVenture packs more insightful analysis into every chapter than any other book I've read recently. The chapters on Value and Wireless E-Business alone are worth the price of the book. It's good to see a realistic look toward profitability (at last!) and to have that realism temper a forward-looking work like this is a pleasure indeed. Bravo!

Defending the Digital Frontier: A Security Agenda

Average customer rating:

If the CEO needs a wakeup call, try this
Answered Prayer
Interesting reading
A great book for Business Executives!
A Practical Guide to Developing A Security Program

Defending the Digital Frontier: A Security Agenda
Ernst & Young LLP , Mark W. Doll , Sajai Rai , and Jose Granado
Manufacturer: Wiley
ProductGroup: Book
Binding: Hardcover

General | Business & Investing | Subjects | Books

MIS | Industries & Professions | Business & Investing | Subjects | Books

Management | Management & Leadership | Business & Investing | Subjects | Books

Systems & Planning | Management & Leadership | Business & Investing | Subjects | Books

Manager's Guides to Computing | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books
Similar Items:

Defending the Digital Frontier: Practical Security for Management, 2nd Edition

ASIN: 0471221449

Book Description

Praise for Defending the Digital Frontier

"The charge of securing corporate America falls upon its business leaders. This book, offered by Ernst & Young and written by Mark Doll, Sajay Rai, and Jose Granado, is not only timely, but comprehensive in outlook and broad in scope. It addresses many of the critical security issues facing corporate America today and should be read by responsible senior management."
-Rudolph W. Giuliani
Former Mayor of New York

"Security is no longer just a technical issue. It needs to be managed holistically across physical and digital infrastructures as part of a wider program of risk management. That's exactly what CA's eTrust security solutions deliver. This is a must-read for all executives that have spent millions on information technology and have not thought about the risks. This book is a wake-up call to busy executives that think their digital assets are secure."
-Sanjay Kumar
President and CEO
Computer Associates International, Inc.

"Security can no longer be viewed simply as a necessary defensive expense. As enterprises open up their networks to millions of customers and partners around the world, security must be seen as an essential business enabler. This book demonstrates how complex network security has become, and points to the need for senior management to seek more sophisticated security management solutions, including organizational changes, in our increasingly connected world."
-John W. Thompson
Chairman and CEO, Symantec

"As companies expand their businesses outside of their traditional corporate boundaries, they encounter a whole new set of challenges related to securing their company's assets. This book provides executives with a perspective on how to protect their company's digital assets as they compete at the edge of the digital frontier."
-Barry Bycoff
Chairman, President and CEO, Netegrity

Customer Reviews:

If the CEO needs a wakeup call, try this.......2003-06-17

Defending the Digital Frontier starts with a patriotic forward by former NYC Mayor Rudolph Giuliani. I think that was my favorite part of the book, I know a lot of people are starting to think of 911 as old news, but I am not one of them. Giuliani issues a call to action to protect your information asset's for the nation¹s good. I started into the book quite excited.

The first three chapters say the same thing over and over again but with different word patterns. The gist is we¹re under attack and you better get ready for it. When your computers go down, so will your business. True, but that could be covered with one paragraph, and perhaps a couple war stories.

Ernst and Young's experts Mark W. Doll, Saiay Rai and Jose Granado propose that we can achieve homeland security with their 3 R¹s of the Security Agenda: Restrict, Run and Recover(SM). While it certainly is not that simple in practice, I really like the catchy slogan, it is perfect for communicating with senior executives.

The writing style is a bit dry, the repetition and lack of depth hurt the work, but the topic is very important. It does a great job of convincing a CEO class executive that they need a well founded security program. It just doesn't help them get it started. I want to be very specific with my concerns since I am scoring the book lower that the other (mostly anonymous) reviewers. I am a senior manager, the target audience for the book. People ask me for decisions or try to sell me on their product or solution all the time. It isn't that they tell me lies, they just do not give me all the information I need to make an informed decision. After a while you learn to be very careful about making decisions without all the facts. This work needs more case studies, more specific, proven examples. It also needs more takeaways, information I can use. Granted it is very unfair to ask E&Y to give away intellectual capital that took them a lot of sweat and blood to create, but at least give the reader enough information to assess our condition and understand what the next steps are.

I encourage Ernst and Young to do a second edition with some "show me the beef" hardnosed technical reviewers and produce a great book.

Answered Prayer.......2003-02-20

I've been in the business game for a long time (26 yrs). During that time I've learned many things, sometimes willingly, sometimes by force. I have to admit that I was resistant to the idea of adopting the internet, especially when it came to transacting with my clients and customers. As we've all learned though, with digital and internet technologies growing by leaps and bounds, its a necessary evil. So being my pesimist self I've become semi-obsessed with understanding as many aspects of digital security, because if I don't understand it, then I can't very well expect my clients to have faith in my promises, can I?

"Defending the Digital Frontier: A Security Agenda" is the first book i've read, and I've read plenty, that is written so the right people can understand it. The "techies" already understand this stuff, but the people who make the decisions (e.g. how much budget those techies get to keep your netwrok secure), like the CEO and CFO, have never had it portrayed as a priority, like Mark Doll has been able to do in this book.

I usually don't review books, but with all of the recent news about networks being compromised, like the 8 million credit cards stollen this past week, I felt it was my responsibility to make sure I said my piece.

Buy it, read it, and use it, for yourself and for your customers.

Interesting reading.......2003-02-19

In a time a great tension and uncertainty this book is a terrific guide to understanding IT security and developing a strategy to protect an organization. As an executive this book is very helpful. I plan on giving it to my peers to remind them that all executives have responsibility for security.

A great book for Business Executives!.......2003-01-24

As an executive worrying about security, this book helped me understand the importance of a proper security strategy and how best to lay out a business, not technical plan for protecting my company. I highly recommend this book to any business executive who stays up at night thinking about security.

A Practical Guide to Developing A Security Program.......2003-01-24

With my corporation having worked with Ernst & Young's Security & Technology Solutions group over the years, my colleagues and I have come to respect them as among the most practical and knowledgeable security professionals in the field of IT security. Defending the Digital Frontier nicely reflects E&Y's experience and practices, providing easy-to-understand concepts and insights involving the implementation of a realistic security program.

Book Description

As organizations implement a greater number of mission-critical applications over distributed networks, they become more vulnerable to potential disasters. CTR's 229-page report explores guidelines for developing successful contingency and disaster recovery strategies that will protect company resources and minimize downtime.

Disaster Recovery: An Overview

In today's distributed computing environments, organizations are more vulnerable than ever to the possibility of technical difficulties impeding communications.

Any disaster, from floods and fires to Internet viruses and espionage, can affect the availability, integrity, and confidentiality of critical business resources and leave an organization virtually inoperative.

CTR's new report, Contingency Planning and Disaster Recovery: Protecting Your Organization's Resources, explores the computer-related risks facing organizations today and offers the latest in disaster recovery strategies, technologies, and tested contingency plans.

Disaster Recovery Issues and Concerns

Disaster recovery has taken on a new sense of urgency in recent years due to the expanding role of computers in the organization and the increasing occurrence of various types of disasters.

CTR's new report covers critical disaster recovery issues, including the following: hot, warm, and cold sites; dual data centers; disaster insurance; business impact analyses; and legal liabilities.

The report addresses the most current concerns regarding the security and protection of local area networks (LANs), the mainframe, and client/server (C/S) systems.

The report also includes a discussion of the available backup options and reviews tape management, direct access storage device (DASD) management, new backup paradigms, scalability and administration methods.

Internet Security Issues

Contingency Planning and Disaster Recovery: Protecting Your Organization's Resources provides an in-depth examination of Internet and Web security issues. Understanding the risks of connecting to the Internet and learning how to minimize those risks is imperative to building a secure environment which enables information systems (IS) managers to use this technology.

The security risks of an Internet connection include the following: Internet protocol (IP) spoofing, session hijacking, password theft, denial of service attacks, and viruses.

The report also addresses Web security issues and offers valuable guidelines and a list of resources to help ensure the security of electronic transmissions.

Developing, Testing, and Implementing a Contingency Plan

Contingency Planning and Disaster Recovery: Protecting Your Organization's Resources outlines practical disaster recovery goals and explains how to best meet these goals through a step-by-step plan. The report includes a discussion of who should be involved in the planning and why it is essential to identify and prioritize critical business applications and information.

Testing the disaster recovery plan and the benefits of feedback, "mock" tests, creative testing, and testing tools, are also covered in the report.

Books:

Books Index

Books Home

Recommended Books