Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] REVIEW: "Spies Among Us", Ira Winkler

from [Rob, grandpa of Ryan, Trevor, Devon & Hannah] Network Security [Permanent Link]
Subject: [CISSP-D] REVIEW: "Spies Among Us", Ira Winkler
Date: Wed, 22 Jun 2005 08:24:57 -0800 
BKSPAMUS.RVW   20050531

"Spies Among Us", Ira Winkler, 2005, 0-7645-8468-5,
U$27.50/C$38.99/UK#16.99
%A   Ira Winkler www.irawinkler.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2005
%G   0-7645-8468-5
%I   John Wiley & Sons, Inc.
%O   U$27.50/C$38.99/UK#16.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0764584685/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0764584685/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0764584685/robsladesin03-20
%O   Audience n+ Tech 1 Writing 3 (see revfaq.htm for explanation)
%P   326 p.
%T   "Spies Among Us"

In the introduction, Winkler admits that the title is slightly
misleading: most surveillance is not done by international spies, but
by common or garden thieves, competitors, and so forth.  The point
that he is trying to make is that non-terrorists can hurt you,
although he raises the issue with illustrations that are not
completely clear.

Part one deals with espionage concepts.  Chapter one reviews spying
terminology, but makes points about the process by explaining the
jargon and distinctions.  Risk analysis is introduced in chapter two,
but the calculations used may not be clear to all readers.  An attempt
to assess the value of information is made in chapter three.  Chapter
four outlines threats (entities that might harm you) and five covers
vulnerabilities--the way your own operations can make you subject to
attack.

Part two describes some case studies of spying.  The content is
interesting, although the value is rather concentrated in the short
"vulnerabilities exploited" section at the end of each chapter.  I
must say that I've read all manner of similar stories and case studies
in various security books, and Winkler's are more interesting than
most.

Part three deals with protection.  Chapter twelve lists a number of
countermeasures.  These are described in a level of detail that is
appropriate for non-specialists (in security), although the content
related to technical safety might be a bit thin.  How to plan and
implement an overall security program is outlined in chapter thirteen,
which includes a very interesting section on how the Department of
Homeland Security has taught us valuable lessons about how *not* to
execute safeguards.

While not structured in a formal manner that would make for easier
reference, this book nonetheless has some excellent content.  Like
Schneier's "Beyond Fear" (cf. BKBYNDFR.RVW), it is easy enough, and
engaging enough, for those outside of the security profession to read. 
Busy managers may find the work a bit wordy and disorganized, but it
makes useful points, and has constructive suggestions.  Home users and
amateurs will find the style most suited to them, although the
recommended controls are aimed at businesses.  Security professionals
will not (or should not) find anything new here, but may appreciate
the "war stories" and explanations that can be employed in security
awareness training.

copyright Robert M. Slade, 2005   BKSPAMUS.RVW   20050531


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca      slade@victoria.tc.ca      rslade@sun.soci.niu.edu
             Si hoc legere scis nimium eruditionis habes
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [CISSP-D] REVIEW: "Spies Among Us", Ira Winkler, Rob, grandpa of Ryan, Trevor, Devon & Hannah <=
Previous by Date:  [CISSP-D] Thanks !!, niranjan.holla
Next by Date:  [CISSP-D] REVIEW: "Silence on the Wire", Michal Zalewski, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Previous by Thread:  [CISSP-D] Thanks !!, niranjan.holla
Next by Thread:  [CISSP-D] REVIEW: "Silence on the Wire", Michal Zalewski, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Indexes:  [Date] [Thread] [Top] [All Lists]