Updates
Latest Tweet
What's New?
Check out for latest innovation, a computer based training video collection
Like this Page
Inside Network Security Assessment: Guarding Your IT Infrastructure Review by uniq
Excellent overview of current state of the art for network security assessment
If you need an overview of the current state of the art for network security assessment - this book is for you. It describes a security assessment process end-to-end, covering all aspects of it: reasons for the assessment, risk assessment methodologies, scoping of an assessment project and its goals, how to conduct the assessment, what to put into the final report, and what is involved in the post-assessment activities. The book also gives an overview of contemporary government standards and security evaluation tools, and even offers security assessment forms and a sample report. This book is *NOT* a detailed description of the intrinsic and technology behind the attacks or ways of warding them off, even though the authors do a superb job of explaining most major concepts and terms.
While anything that ends with the word "process" promises the excitement of watching paint dry, I've found this book quite informative and written very well. For me, it is more important to understand than remember; every statement in a book is logically solid and supported by a reason or explanation. With respect to this, the authors have not disappointed me.
I disagree with negative comments mentioned in the F. Yan's review below. For example, indeed, on page 111 the authors stated that the greatest threat to an organization and its IT infrastructure are employees, contractors, and third-party users; on the same page they named insecure computing habits of the *employees* as the 2nd threat, and on page 112 they listed *disgruntled* employees as the 3rd greatest threat. I don't see any contradiction, since disgruntled employees are a subset of the total population of employees. Similarly, I could not find validation to other negative comments.
Nevertheless, the book has a couple of rather small shortcomings. One is a bit dry style of some chapters consisting primarily of bullet point lists, although the points themselves are sharp, concrete, and important. I also wish that the book's cover were made from a more practical and durable material.
Overall, this is an excellent and useful book, that delivers on its promises.