Title: The Business Case For Network Security
Authors: Catherine Paquet, Warren Saxe
Publisher: Cisco Press
Published: December 23, 2004
Edition: 1st Edition
Ever wished you could grab a network security title off the shelf and find it comprehensive enough, covering hot topics such as security policies, risk management, top-level attacks and security threats in a non-technical manner, yet without compromising on quality or important information?
If so, then this is your book.
Catherine Paquet, Warren Saxe and Cisco Press have managed to produce what seems to be more than just ‘another fine title’.
The Business Case For Network Security is a book aimed at people.
The book is well written in simple English, allowing readers of all levels to clearly understand the topics analysed. The target audience would seem to be people in a managerial position, or network professionals who require a basic understanding of network threats, security measures, risk assessment tools and so on, without getting into the details required by a programmer or security auditor.
So what's covered?
The book has 3 main sections:
• Vulnerabilities and Technologies
• Human and Financial Issues
• Policies and Future
Vulnerabilities and Technologies
The first section is certainly a favourite!
It starts by introducing the reader to the world of security by exposing the damage caused by exploits and hackers in general.
Continuing with a small yet effective analysis of ‘the hacker’ (where they come from and how they are categorised), the authors then move on to the popular topic of ‘categories of attacks’. Here are just a few of the illustrated and well-documented attacks outlined in the book:
- Buffer Overflow and Bandwidth Consumption
- Domain Name Hijacking
- Mail Bomb
- Distributed Denial of Service Attack
- Password Attack
Even the new wireless attacks are included here, along with the famous ‘Social Engineering Tactics’!
The authors take the reader through ways to protect a network from these types of attacks. Virus protection, traffic filtering, encryption, content filtering, assessment and auditing are a few of the methods and tactics analysed.
Human and Financial Issues
The second section is where this wonderful book starts to really move away from your everyday security book. It discusses in detail how company managers are able to ‘secure’ their network by enforcing policies and providing strict guidelines to their employees.
This is a topic many books fail to cover in the detail required; some don't mention it at all. If you consider that the ‘human factor’ still remains the greatest threat of all, then you'll understand how important this topic is. The book does a great job of not only fully covering the topic, but also providing useful information to help managers start thinking and acting accordingly.
A generous 130 pages are devoted to this section and here are a few of the topics discussed:
- Securing the Organization: Equipment and Access
- Managing the Availability and Integrity of Operations
- Mobilizing the Human Element: Creating a Secure Culture
- Determining Rules and Defining Compliance
- Ensuring a Successful Security Policy Approach
- Involving the Board
- Recognizing the Goals of the Corporation
- Outlining Methods IT Managers Can Use to Engage the Organization
- Risk Aversion and Security Topologies
- Return on Prevention: Investing in Capital Assets
We don't want to list every topic, but from this sample you get the idea. Guidelines for creating policies are not something you'll find easily, and most IT managers end up turning to security companies to provide them with the information contained in this book!
Policies and Future
The last section of the book extends the policies to provide more sophisticated, technical ‘hands-on’ policies. These policies are the key elements your engineers (or you) will use to ensure your security systems and network(s) are safeguarded from the prying eyes of hackers.
The reader is given an understanding of the purposes of the various policies available and how they can be implemented. Physical security policies, access-control policies, VPN and encryption policies, and data sensitivity, retention and ethics policies are just a few.
The authors make it clear that ‘Security is a Living Process’ and describe the methodology required to ensure you're not caught off guard by uninvited guests.
Overall, the book gets the thumbs up and is highly recommended to IT managers, networking professionals and business executives seeking to assess their organisation's risks and introduce mechanisms to protect their investments, data and integrity.
This book is a goldmine of vital information, so get out there and grab yourself a copy – you surely won't regret it!