What it is, why it’s happening in your company, what you must do about it
Author: Ira Winkler
Publisher: Prima Publishing (1997)
Price: No longer available new so
This may not qualify as an instruction manual for industrial spies but there’s enough meat on the bones to point out the very real risks to trade secrets. If your organization’s future relies on its sensitive and valuable proprietary information, read this book to understand why it is so important to protect it.
This was, I believe, Ira Winkler’s first book, published in 1997. It may not have quite the same polish as the later books (Spies Among Us and Zen and the Art of Information Security) but if anything the slight rawness enhances it. It’s very accessible.
The eight case studies that form the core of the book are fairly typical penetration test reports. What sets them apart, though, is the way in which Ira describes the penetration step-by-step and then carefully deconstructs each case to reveal the vulnerabilities exploited.
The earlier sections on risk, value, threat and vulnerability ably cover the basics of information security risk analysis and neatly set the scene for the cases - in fact, they are quite eloquent and reasonably comprehensive in themselves. If risk analysis is all Greek to you, sit down in a quiet corner to read one of Ira’s books. I’m sure you’ll end up with a better appreciation of the art.
Although I suspect Ira would resent the comparison, the types of intrusion discussed and the depth of analysis are about the same as in Kevin Mitnick’s books; in other words, it is almost entirely non-technical. Nevertheless, like Kevin, Ira points out just how effective non-technical techniques can be in compromising a typical corporation.
Many of the attack techniques are essentially social engineering, manipulating and deceiving people to get them to do what the attacker wants (normally, to grant them access to a controlled facility or information).
Corporate Espionage is very similar in style and structure to Ira’s next book, Spies Among Us, i.e. first a section introducing the concepts, then a handful of case studies in the middle, and to finish a short generic section on recommended countermeasures.
Writing style and readability
Ira’s past working for the NSA is a thread common to all his writing. Naturally, we’re never told the true nature of his previous career, which all adds to the aura of mystery and suspense (intentionally, I’m sure), but his connections with “real spies” and bragging wear a bit thin sometimes, as if he’s trying too hard to impress the reader with his espionage credentials. Some readers probably enjoy the spy novel feel to Ira’s writing and, if it gets them to consider information security risks and controls, that’s absolutely fine by me!
Although it is now ten years old and (I believe) no longer in print, Corporate Espionage is still a worthwhile read if you can find a used copy. The book is entertaining and informative, with the case studies and analysis drawing out some useful lessons for any organization.
Copyright © 2013 IsecT Ltd.