<< 1 >>
Rating: 
Summary: Comprehensive
Review: Any manager who lets his technical people build a security program without the rational kind of road map this book offers is asking to be "owned", that is, to be hacked, his Web site defaced, his firm's data trashed. Never, never wade into the muddy waters of cybersecurity without a good plan. This book is that plan: risk formulas, the nature of the threats, key tenets of a security program, key steps in constructing one, important policies to have, key steps in formulating a policy, key goals in information security, kinds of architecture to consider, kinds of infrastructure that underlie the program, steps in the life cycle for developing a secure system. Talk about comprehensive. A great way to introduce yourself to security from a high level view or to start building security for your organization.
Rating: 
Summary: Great book for techies, managers, and execs!
Review: I especially like this book because it gives the IT shop and the security professionals lots of ammunition for getting funding and support from the "business" side of the business. Too often, the business executives don't understand the technology in question, and therefore do not comprehend the extent of the threat to the enterprise. Because this book is written for a "high level" business audience, among others, it presents issues like risk assessment and extent of the threat in ways the average businessman can understand. It even has sections like "Gaining Support" meant to help IT get management and funding on its side, without which the most carefully thought out plan isn't going anywhere, given that it's the executives who have the clout to make things happen in an organization!
Rating:
Summary: Just what the doctor ordered
Review: Just what the doctor ordered. Finally a clear road map for setting up computer security at a corporation. Lots of organizations are clueless about what is needed to set up an effective defense against hackers. This book provides the clues, in a clear, jargon-free, and easy-to-understand manner. It lays it all out step by step. It sketches the nature of the threat hackers pose. Then it tells you, phase by phase, how to put together a security program. It lays out a so-called Policy Framework on which to hang you secure password policy, incident response policy, asset management, vulnerability assessment policy, you name it, along with the technical procedures - tightening up UNIX, getting software patches for Windows XP, etc. - that flesh out the policies. A formula for figuring out risk is offered. There's lots of useful stuff on how computer architecture fits in with security, and how life cycle development should incorporate security into it. There actually can be a rhyme and a reason to formulating security policies, and this book lays it out.
Rating:
Summary: Distilled e-Commerce "Operational Continuity Suvival Skills"
Review: Secure Internet Practices is the first of its kind -- a comprehensive overview of strategies, tactics, and approaches needed to protect any organization's digital assets in the brave new world of e-commerce. .... This research report does an outstanding job of distilling relevant knowledge about practical information security and privacy protection.
It presents distilled insights in an understandable way . . .
Logical organization makes it easier for readers to effectively apply the authors' shared wisdom won from their prior "lessons learned!" It reinforces my varied experiences over thirty years as a decision support professional concerned with information security and privacy protection. As a virtual "guest lecturer" for Capella University's
"Cyber Threats to Enterprise Security" (TS5070)
and principle designer of MetroState University's
"Cyber-Crime Fighting" (MISD692) graduate certificate course,
I've found this resource very useful and usable! Bob (RJ) Burkhart : Cyber-Crime Fighter
LCDR-USNR, Ret. - MS / MBCP (Pending)
Bloomington, MN - USA / January 2002 ....
Rating: 
Summary: Incoherent
Review: The book really does not carry enough meat to call it well written. It contains way too much fluff and more than anything, it is quite confusing, leaving you with a not so clear vision of Secure Internet Practices.
An overview of a high level security program can be presented in a much better manner. It leaves you with the impression that there is no consistency throughout the book. It is more a collection of ideas that are half baked. Presenting them in a generic high sounding format makes it look really bad. I think that the easiest solution for Security professionals to realize that not everyone has a clear handle on Information security is to buy this book and read it.
<< 1 >>
| 
