THE MAGAZINE

The Challenge of Making Safer Structures
March 2005
COVER STORY

Quick Bytes: ID theft

By Peter Piazza

With identity theft costing Americans billions of dollars each year, financial institutions are under pressure to make account information more secure. The Federal Deposit Insurance Corporation (FDIC) has issued a study of ID theft and account hijacking in which it outlines technological tools and other recommendations designed to mitigate this threat. @ Putting an End to Account-Hijacking Identity Theft is available via SM Online.

INTELLIGENCE

Bioterrorism

A December 2003 report by Trust for America's Health showed that the nation's public health system was insufficiently prepared for bioterrorism. The prognosis isn't much better more than a year later. A follow-up report concludes that "states across the country are still struggling to meet basic preparedness requirements and have inadequate resources to juggle the competing health priorities they face." Ranking states on ten "key indicators to assess the states' public health emergency preparedness capabilities," the report found Florida and North Carolina to be in the best of health, notching nine of the ten indicators. At the other extreme were Massachusetts and Alaska, which achieved the sickly score of three. Twenty states fell in the middle with a score of six, while another 19 garnered scores of 5 or 7. The ranking was based on indicators such as state spending of federal funds, level of state public-health budgets, bioterror capabilities of state labs, and surveillance and tracking capacity. For example, only five state public-health labs report the ability to adequately respond to a chemical terror threat, while two-thirds of states don't electronically track disease outbreak information using national standards, making early warning difficult. SM Online has the full 72-page report, as well as an executive summary.

PRINT EDITION ONLY

The Blame Game and How To Play It

By Robert "Jerry" DeFatta, PCI

Insight About Outsourcing

By Ira S. Somerson, CPP

Companies need to consider these issues before outsourcing.

Where Trouble Meets the Road

By Ann Longmore-Etheridge

The Utah Department of Transportation is going digital to improve statewide traffic surveillance.

iPods Sing for Investigators

By Derrick Donnelly

More than just the newest cool toys, iPods have become a tool of the trade for crooks and, consequently, a rich source of evidence for forensic experts who know how to take note of their incriminating content.

Making Tough Calls Easy

By Timothy L. Mohr and Dave Slovin

By helping tipsters overcome their reluctance to report trouble in the office, well-run anonymous hotlines yield valuable information for company investigators.

Legal Reporter

By Teresa Anderson

New EEOC guidelines for the food-services industry, federal legislation proposed on homeland security and identity theft, and noteworthy judicial decisions

Secret Service Does Its Share

By Michael A. Gips

Everyone's heard complaints about industry and government not sharing information with each other. So it's refreshing when word arises of effective communication between the public and private sectors. At January's inauguration of President Bush for his second term, the Secret Service's actions were a model of cooperation, according to private security companies with which they worked.

Crate Expectations for Cargo Security Strategy

By Michael A. Gips

In a draft national cargo security strategy, the Department of Homeland Security sets a "zero-tolerance policy" toward the arrival of weapons of mass destruction at U.S. borders. The goal is to inspect 100 percent of "designated high-risk" cargo.

Industry Focus

An ASIS workshop probes workplace violence, and Security Management Weekly debuts.

ISO Proof of Quality

By Joseph Ricci

Security companies can prove their quality of service to prospective clients through ISO certification.

The Magazine — Past Issues

TECHNOFILE

New in Plaintext

By Peter Piazza

Know Cyber Risk by Managing Your IT Security is a new book by James P. Litchko and Al Payne, CISSP. The short book (only 160 pages) is written so that even the most technophobic manager can understand how, for example, to calculate a quantitative annual loss estimate for IT systems. The estimate, the book explains, "is the potential loss in dollars per year from attacks by a threat against a vulnerability.

Defining Moments

By Peter Piazza

Test your knowledge of tech terms by guessing what the following defines.

CUL8R, Dude

By Peter Piazza

Resources on threats to instant messaging, a portable security device is tested, Amit Yoran discourages convergence, and more.

Cooperation, Not Convergence

By Peter Piazza

Amit Yoran, who served as director of the National Cyber Security Division in the Department of Homeland Security until he stepped down late last year, has some unconventional views on how IT and physical/operational security departments should be structured in the corporate world. "Tech Talk" recently talked with him about those views.

Quick Bytes: Security proposals

A recent report from the Subcommittee on Cybersecurity, Science, and Research & Development of the U.S. House of Representatives Select Committee on Homeland Security has proposed six recommendations for consideration by the Department of Homeland Security. These include the creation of an Assistant Secretary of Homeland Security in the department; and the development of a program and budget that will help the nation reach the goals of the National Strategy to Secure Cyberspace. @ Cybersecurity for the Homeland is available at SM Online.

A Site To See

By Peter Piazza

The verb "hack" did not start out as a pejorative. In its original sense, it simply meant pushing a piece of hardware or software beyond its intended capabilities, to make it do something it was not designed to do.

Rising Trend of Fraud, ID Theft

More than 635,000 complaints were made in 2004 to Consumer Sentinel, a Federal Trade Commission (FTC) complaint database. Of these, 61 percent represented fraud, and the remainder identity theft.

Quick Bytes: Business continuity partnership

By Peter Piazza

The financial services industry in Chicago is collaborating with city, state, and federal officials to create a regional group that will work together on disaster recovery plans. The initiative, which others can use as a model, is described in a new report by the U.S. Department of Treasury: Improving Business Continuity in the Financial Services Sector: A Model for Starting Regional Coalitions. @ Visit SM Online for the full report.

Worth a Look

A portable security appliance from Red Cannon Security, which produces endpoint security products, may answer these mobile concerns. The Fireball KeyPoint is a USB token that provides a host of security tools to help ensure that information entered remotely, whether in an airport kiosk, at the local Kinko's, or in a hotel business center, is kept confidential.

CASE STUDY

Keys to Learning

By Ann Longmore-Etheridge

A Long Island school system updates access control lock, stock, and barrel.

BOOK REVIEWS

Ghost Wars: The Secret History of the CIA, Afghanistan, and Bin Laden, from the Soviet Invasion to September 10, 2001

By Mark H. Beaudry, CPP

Author Steve Coll's reporting is exemplary. Information comes from a range of respected and noted intelligence officers who served in Afghanistan during the Soviet occupation or the rise of the Taliban. Coll details such topics as command of the Northern Alliance and the plan to target Tarnak Farm, where Osama bin Laden stayed with his family. Coll also paints a thorough picture of CIA and State Department achievements and setbacks in the region.

Advanced Interviewing Techniques: Proven Strategies for Law Enforcement, Military, and Security Personnel

By Dan Bergevin

Proper interviewing skills are, of course, crucial to the success of law enforcement and security. Scores of books detail interviewing tactics, many of them providing in-depth explanations on how and why the techniques work. In Advanced Interviewing Techniques, the authors cull the approaches that work best. Drawing from dozens of sources, veteran FBI agents John R. Schafer and Joe Navarro compile the interviewing techniques that have proven effective, without miring the reader in theory and case studies.

Hardening Windows Systems

By Ben Rothke, CISSP

Does a week ever go by without a major Windows vulnerability coming to light? It is evident that, prior to Windows XP Service Pack 2, the operating system was geared to file and printer sharing, not security. Among security professionals, the common view is that the best way to secure Windows is to use a more secure operating system such as Linux.

The Terrorist Threat Mitigation Reference Guide

By Ross D. Bulla, CPP, PSP

Intended for anyone whose duties involve "protection, minimizing risk, hiring employees, security training, manufacturing security technology, integrating security solutions, and mitigating threats," the book gives itself little space, 56 pages, to accomplish all these objectives. Fifteen subject headings carve the text into bite-size offerings, while 66 subheads dice these further into morsels. The result is staccato, with the authors striving to introduce, define, and illustrate one or two concepts per page.

Identifying and Exploring Security Essentials

By John Gargiulo, CPP

An associate professor of criminal justice, Mary Clifford has written a lengthy text that would be especially useful to students pursuing a career in security management. Chapters conclude with discussion and review questions designed to help readers understand the terms and concepts presented. These exercises and the practice scenarios contained in the book are best when considered in a group or classroom setting with an opportunity for feedback.

Beyond Print

See all the latest links and resources that supplement the current issue of Security Management magazine.