The books reviewed below have contributed in some measure to our knowledge and research for the NoticeBored security awareness materials.*

PCI DSS - a practical guide to implementation
If you are an experienced information security professional or project manager tasked with your first PCI DSS implementation, this new book from IT Governance (coupled with PCI DSS itself and various other sources of guidance) will be a worthwhile starting point and companion on your journey to compliance. It is good value and easy to read, providing many pragmatic tips. Read our book review for more.

Phishing - cutting the identity theft line
Phishing is simply about someone sending out emails inviting you to ‘update your details’, right? Well, yes ... and no. There’s rather more to it than that. Authors Rachael Lininger and Russell Dean Vines lift the covers on a seedy underworld where criminal hackers combine social engineering with malware.

Information Security Incident Management - a methodology
Buy this book if you are designing or reviewing information security incident management processes, perhaps as part of implementing ISO/IEC 27002, and if you work in a government or large commercial organization that needs such a comprehensive, well-structured incident management process. Smaller, more agile organizations may still learn something useful, but it would not be easy to apply this design to a typical cut-down, slimline incident management process.

Computer Security for the Home and Small Office
This is a self-help IT security book aimed at those who work from a Small Office/Home Office (SOHO). Written by The Register’s Associate Editor, it should be no surprise that the book challenges accepted norms such as Microsoft Windows, Office and Internet Explorer. A worthwhile security awareness text for a general, if rather IT-literate, audience.

Lessons Learned in Software Testing
We are currently researching and reading for a forthcoming new awareness module on application security. Through a series of nearly 300 “lessons”, the authors share their accumulated wisdom about how to test application systems - not so much which buttons to press but more how to establish and manage a test team, plan the work and dynamically adjust the testing process.

Corporate Espionage
To complete our look at Ira Winkler books and coincide with this month’s awareness module on protecting trade secrets, we’ve reviewed his first book. It is very similar to, and every bit as engaging as, Spies Among Us, albeit slightly more raw. If your managers need a bit of a wake-up call to appreciate the need for information security controls, this could be it.

The Insider - a true story
The Insider is built around an extensive collection of real-life security incidents involving both insiders and outsiders. The book is essentially a collection of in-depth news reports, peppered with a few brief notes from anonymous corporate evaluations of a network traffic analysis tool. The lack of meaningful analysis detracts from the book’s value.

Zen and the Art of Information Security
If you have no background in information security, this book would make an interesting, if rather superficial, introduction to the issues. It falls short on useful, sound advice. If you have read Ira Winkler’s previous books, you are unlikely to learn anything new, but you’ll be entertained nonetheless.

IDEO on innovation
We enjoyed reading and reviewing two non-security books for once. IDEO’s creative techniques for innovative product design have worthwhile application in designing effective security awareness programs and indeed other products and services.

Net Crimes & Misdemeanors - Outmaneuvering Web spammers, stalkers, and con artists
Net Crimes explores the dangers of the online world, covering a broad assortment of Internet security issues with useful descriptions and helpful advice for all Web users. This is a good security awareness book for anyone who is relatively new to the net, combining realistic threat descriptions with pragmatic security advice.

Insider Threat - protecting the enterprise from sabotage, spying, and theft
“Insider threat and corporate espionage rely on the fact that it is sometimes better to live in denial and be happy than to know the truth and have to deal with it.” This book reveals the ugly truth and outlines some of the control measures you should take to minimize the risks. Deny it no longer!

Know Your Enemy - learning about security threats
The Honeynet Project is a fascinating project researching hacker techniques by, in effect, inviting hackers to do their stuff on specially-configured network machines that capture the details. This well-written technical book details how honeypot systems are configured in honeynets, and how hacker activities are analyzed.

Google Hacking for penetration testers
Johnny Long’s book, the professional Google hacker’s instruction manual, is an information security manager’s horror story. Page after page reveals creative uses of the world’s biggest and best search engine to find security vulnerabilities and breaches on websites and web applications. By all means read our review, but think twice about reading the book if you are a security professional of a nervous disposition. Sleepless nights guaranteed.

Computer Security - 20 Things Every Employee Should Know - The Employee Handbook for Securing the Workplace
At just US$8 a copy, this neat little booklet summarizing computer security for ordinary employees could usefully support a structured security awareness program or security induction course, but do not rely on it alone. Read our book review.

Enemy at the Water Cooler - Real-life Stories of Insider Threats and Enterprise Security Management Countermeasures
Ignore the main title – look at the subtitle. This book is little more than a sales pitch for Enterprise Security Management systems, or more specifically the ESM sold by the author’s company. The link to “insider threats” is tenuous at best and for the most part is merely used as an excuse to hype the wonders of ESM. Read our unflattering review here.

IT Governance: A manager’s guide to data security and BS 7799 / ISO 17799
Despite the subtitle, this third edition by Alan Calder and Steve Watkins is arguably more of a practitioners’ guide to the implementation of ISO 17799. The introductory chapters do indeed cover IT governance, but the bulk of the book concentrates on information security management. Read our book review for more ...

The CISO Handbook
Another good read we are happy to recommend - this one offers sage advice for anyone tasked by management with ‘fixing information security’. It highlights the program management aspects of building and running an effective security improvement program rather than the content of the individual security projects.

Managing an Information Security and Privacy Awareness and Training Program
At last! A textbook on security awareness that we are happy to recommend unreservedly. Rebecca Herold has written a real winner, packed with helpful advice. Read our glowing book review for more superlatives.

Spies Among Us
Read our review of this valuable and recommended book. The case studies on actual social engineering penetration tests are exactly the kind of thing that might wake up complacent managers who believe their organizations are somehow immune to the social engineers.

Spreadsheet Check & Control
We really value this book. If you write spreadsheets, especially spreadsheets used to calculate and report important business information, study this book carefully. It may save you a fortune. Click here for the review, or if you have decided already, click here to buy it from Amazon (~$26).

IT Governance
“The most important predictor of top governance performance was the percentage of managers in leadership positions who could accurately describe their enterprise’s IT
governance.” ’Nuff said. Read our book review.

You Are a Loser
Read our brief review of this interesting little book of case studies on information security breaches to find out how it can help your security awareness program.

The Art of Deception
Kevin Mitnick’s book was a tremendous source of inspiration for the NoticeBored awareness materials on social engineering. This is our review of the book.

Information Security Awareness
We have published a detailed review of this book by Tim Layton. The book’s subtitle, “The psychology behind the technology”, reflects the assertion that information security is as much to do with how people behave when making choices about security as about the technical controls employed. We agree with the assertion, but read the critique to find out what we made of Tim’s book.

* NB: most of our book reviews include links to purchase the books from Amazon. We earn a little commission on these, “little” being the operative word unfortunately, but this diminutive income does at least occasionally allow us to purchase, read and review yet more books. If you begrudge us our meager income in return for us reviewing the books, feel free to visit Amazon or your favorite book seller independently of our links.