***** Scrappy Information Security: The Easy Way to Keep the Cyber Wolves at Bay. By Michael Seese; published by Scrappy About, www.scrappyabout.com (Web); 212 pages, $19.95.
This concise book, written in everyday English, offers a quick and constructive overview of IT security for those new to the topic, and perhaps some tips for seasoned professionals responsible for user training.
Sections on phishing and host hardening make abstract problems understandable. Reader-friendly features, such as text boxes captioned “What It Means,” amplify the technical discussion and aid comprehension of the material. In addition, paragraph-sized tips throughout the text address practical issues such as “What Not to Post on MySpace or Facebook” and “Avoiding Keeping Sensitive Material on Your Laptop’s Hard Drive.”
Author Michael Seese harbors great concern about the average user’s susceptibility to misleading information about security threats and solutions. Seese’s general remedy for users’ gullibility is a sound one: training. Constant reinforcement of fundamental security concepts through a variety of training strategies is the best way to help users avoid common IT security pitfalls.
In a short chapter on the topic, he says that training must address the “why” behind security measures, and should take the form of “edu-tainment” to enhance interest. The text does not, however, provide details on implementing a training program. In Seese’s defense, such details may be beyond the scope of this book. Professionals developing their first training program should consult a more thorough reference, but seasoned IT security professionals may find useful tips for improving existing programs.
Scrappy Information Security lacks the weight and depth to act as a primary textbook, reading more like notes for an introductory course. That, however, is not bad for review purposes, so using it as a supplementary text could reinforce learning. As a quick guide for the perplexed novice, the book serves as a useful tool to hand a student or a non-IT manager entering the field with trepidation.
Reviewer: Ronald L. Mendell, MS, CISSP (Certified Information Systems Security Professional), is an investigative writer and an adjunct assistant professor of computer science at Austin Community College in Austin, Texas. He is the author of Probing into Cold Cases: A Guide for Investigators, published by Charles C. Thomas.