Book Reviews: IT Security
11/02/2007 - Forensic Discovery is not for technical novices; readers must have a solid understanding of computer file systems, networking concepts, and computer processes. The authors focus on computer forensics for UNIX (Solaris, FreeBSD, and Linux) computers, with scant information provided about Windows. The authors explain how to obtain reliable digital evidence from running UNIX systems, uncover changes to system utilities and kernel modules, and identify suspicious activity. Sample computer compromises illustrate the concepts.
Book Reviews: How-to
11/02/2007 - Tiller does a fantastic job explaining the process of the ethical hack from beginning to end. By way of charts, diagrams, graphs, and comparisons, the reader is led step by step through a penetration test. Also provided are sample incident reports and response forms, examples of documentation needed for the test, and an example of how the finished penetration-test document should be presented.
Book Reviews: Workplace Violence
11/02/2007 - In this book, author Marc McElhaney shares his experience, perspective, programs, and conclusions with regard to aggressive and threatening behavior in the workplace. His easy-to-read style blends comprehensive coverage with enough detail to make the book a practical tool.
Book Reviews: Terrorism
11/02/2007 - The face of terrorism today is Osama bin Laden. Yet for all the publicity surrounding him, he remains an elusive figure who has become larger than life throughout the Muslim world. Merely mentioning his name evokes adulation among his devotees and revulsion in the Western world. When he issues a video or audiotape, terror alerts spike all over the world. Therefore, knowing as much as possible about him is useful for those tasked with trying to counter his activities and those of his supporters. This book is an excellent effort to do just that.
Book Reviews: How-to
11/02/2007 - One of the most useful, and untapped, security tools at any business is the human resources department. HR serves as the operational equivalent of an access control system, keeping problem employees off the payroll. Many companies fail to take full advantage of this department.
11/01/2007 - When outsourcing security services, what key characteristics should you look for in a contractor? How can you figure out whether the rates a vendor charges are reasonable? What should you include in a request for proposal (RFP) for security services? In Value-Based Security Procurement, a book newly published by ASIS International, author David R. Serafine, CPP, answers these questions and more.
Book Reviews: Investigations
11/01/2007 - For the basics, one of the best chapters categorizes fraud into three primary types. The first is duplicate-payment fraud, defined as the issuance of two or more identical checks to pay the same debt for a service. The second is multiple-payee fraud, which is similar, but the checks are not identical. The third type is shell fraud, the payment of alleged debts for fictitious projects or services. For each type, detailed analysis and case studies are provided.
Book Reviews: ID issues \ Identity Theft
11/01/2007 - Throughout the book, Smith plays the 9-11 card too much. If only the United States had had a massive database of financial transactions, surveillance images, and other personal data, Smith writes, the terrorists might have been stopped. He does admit, however, that technology such as databases and DNA can be used only to mitigate, not eliminate, threats to society.
Book Reviews: How-to
11/01/2007 - Author Ed Skoudis provides amazing insight into the types of tools attackers use to bring down computers and networks or to steal and manipulate information stored on those systems. As would be expected, worms and viruses receive considerable attention, but Skoudis also is adept at explaining backdoors, Trojan horses, malicious mobile code, rootkits, and numerous other tools and scenarios.
Book Reviews: Surveillance
11/01/2007 - The book has six parts, with writings ranging from the historical to the latest in current thought. A discussion of civil liberties during wartime leads off the book. Selections from the U.S. Constitution and a federal habeas corpus statute round out the first chapter and provide a legal context for the subject.
Book Reviews: Contingency Planning \ Disaster Management
11/01/2007 - Jim Kennedy’s chapter, “Business Continuity and Disaster Recovery,” deserves special mention because it is an excellent overview of the changes to traditional disaster planning brought about by the World Trade Center attacks. Less successful is a chapter entitled “Blending Corporate Governance with Corporate Security,” which discusses Sarbanes-Oxley. The author asserts that Section 404 of the act deals with “systems of control,” which he says are by their very nature computer information systems. Yet Section 404 does not specifically mention computer systems, and any security requirements beyond those necessary to ensure accurate financial accounting and reporting are beyond the scope of Sarbanes-Oxley. To flatly state that increased information security measures are required under this law is misleading.
Book Reviews: Access Control
10/29/2007 - Learn the skills and tools necessary to install and maintain effective intrusion alarm devices and systems.