
Security Engineering: A Guide to Building Dependable Distributed Systems Review


For the typical busy security professional, reading a 900-page tome cover to cover represents an investment of time that may be difficult to justify. Frankly, security books that are worth the effort are few and far between. Security Engineering is one such book, for several reasons.
First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.
Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.
Lastly, the book brings together insight from many diverse areas of research. Disciplines ranging from economics, psychology, sociology, criminology, banking and bookkeeping, safety research, electronic warfare, to politics are all mined for ideas and results that could yield a better understanding of - and novel approaches to - difficult security problems. It is perhaps in this aspect that the book will prove to be most influential. Since the first edition was published in 2001, security economics, security usability, and security psychology have emerged as fertile areas of research.

Security Engineering: A Guide to Building Dependable Distributed Systems Overview

The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.


CISSP Certification All-in-One Exam Guide, Fourth Edition (Cissp All-In-One Exam Guide) Review


Not sure why this book is so highly rated. Having taken (and passed) the CISSP several years ago, I need to retake this exam and bought three books for review and study purposes. I have a previous version of the Harris book and it is ~900 pages. This new version is 1100+ pages, but seems to be filled more with fluff and some of the actually useful knowledge has been removed! One example which stands out is the removal of the effectiveness and acceptance charts for biometrics methods. This is an important concept and it is entirely ignored in this version. Other things have been changed to no real benefit. The CIA triad (as is the de facto acronym, even in her previous book) has been renamed to the ICA triad. There is no reason for this.
Finally, the entire book is written in a dumbed-down, cutesy fashion in an attempt (I believe) to make the book more approachable. All it has done, IMO, is increase the number of pages, possibly forcing out relevant materials.
I will pass this test, but it won't be because of this book. Buy the ISC book and the Krutz book (and/or a previous version of the Harris book) - you will not be disappointed.
UPDATE: ok, took the test in Sept and passed. I won't turn this into a test review as this is about the book, but when you buy a certification book, your primary requirement is that the book will be timely and relevant to the test material. The 4th Edition Harris book does just that. ISC has made significant changes to both the content and nature of the test (in large part to keep its test current on security trends and to satisfy a larger target audience) and Shon has captured those changes very well. So, having said all that, it is my revised opinion that this book is more than adequate for passing the test (although it is still filled with fluff.) If I could change the review, I would probably give it 4 stars at this point. The ISC book and the Krutz book are both excellent references to actually apply the knowledge in a meaningful way, however if you just want to pass the test, the Harris book will serve you well.

CISSP Certification All-in-One Exam Guide, Fourth Edition (Cissp All-In-One Exam Guide) Overview

All-in-One is All You Need

Fully revised for the latest exam release, this authoritative volume offers thorough coverage of all the material on the Certified Information Systems Security Professional (CISSP) exam. Written by a renowned security expert and CISSP, this guide features complete details on all 10 exam domains developed by the International Information Systems Security Certification Consortium (ISC²). Inside, you'll find learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. CISSP All-in-One Exam Guide, Fourth Edition will not only help you pass the test, but also be your essential on-the-job reference.

Covers all 10 subject areas on the exam:

Access control
Application security
Business continuity and disaster recovery planning
Cryptography
Information security and risk management
Legal, regulations, compliance, and investigations
Operations security
Physical (environmental) security
Security architecture and design
Telecommunications and network security

The CD-ROM features:

Simulated exam with practice questions and answers
Video training from the author
Complete electronic book



Enterprise Security Architecture: A Business-Driven Approach Review


This is a particularly interesting book in that it proposes an approach to developing security architectures that are aligned with Business Needs. Most of the other literature that I have seen in this field seems to throw itself into technical detail and try to be a "cookbook" for techies.
The book is in two distinct parts - the first outlines the philosophy and approach of SABSA (Sherwood Applied Security Architecture) and the second draws on the authors' considerable experience in using SABSA in real-life scenarios, giving a set of "standard" services and mechanisms that should be considered when building an Enterprise Security Architecture.
If you are looking just to do techie "black box" security engineering with routers and servers then this book is not really for you. This is a book for those with a responsibility for enterprises where security can be seen as enabling the business rather than fighting it.
Like others with whom I have spoken, I liked the "quick notes" in the left-hand column of every page that let you speed-read each chapter. They made it really easy to get a good insight into the subject quickly and focus on the areas that I really wanted to know more about.
One hidden gem in this book is the approach to Measuring Return on investment in security - it opened my eyes to using security as a business enabler.

Enterprise Security Architecture: A Business-Driven Approach Overview

'Destined to be a classic work on the topic, Enterprise Security Architecture fills a real void in the knowledge base of our industry. In a comprehensive, detailed treatment, Sherwood, Clark and Lynas rightly emphasize the business approach and show how
Security is too important to be left in the hands of just one department or employee -- it's a concern of an entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software -- it requires a framework for developing and maintaining a system that is proactive.


CISSP All-in-One Exam Guide, Fifth Edition Review


There is no simple formula to prepare for the CISSP certification, and no single resource which can guarantee success on the certification exam since every applicant's background is unique. However, this book (fifth edition) was my only resource in preparing for the exam and I passed on my first attempt (April 24, 2010).
I spent 60+ hours in preparation for the exam... that's 60+ hours of DEDICATED individual study using this book and CD, not 60+ hours spent web surfing during lunch hours or commercial breaks. My recent background is in middle management, with 20 years' experience in network architecture and data security, so I already had a firm technical foundation for the test areas dealing with protocols and encryption variations. I also have an MS in Computer Science. Nonetheless, the exam was so broad, with topics covering general principles and concepts, that I could have prepared twice as long and still left the exam with questions about the outcome.
My personal opinion is that formal classroom instruction, through one of the many organizations offering CISSP preparation courses, is a worthwhile companion to Shon Harris' book. A study group is also a good idea. You will not obtain CISSP certification if you take the exam without preparation. This book (fifth edition) was sufficient, but not 100% comprehensive, to prepare me for passing the CISSP test.
Note: Some reviewers do not appreciate Shon's frequent analogies and humor. Most of her analogies helped me internalize the complex topics, but that's my personal learning style. The efforts at humor were generally awful, but every once in a while she was subtle and brilliant enough to make me laugh out loud. Working through Shon's unique writing style was not a problem for me... I actually found it refreshing.

CISSP All-in-One Exam Guide, Fifth Edition Overview

Get complete coverage of the latest release of the Certified Information Systems Security Professional (CISSP) exam inside this comprehensive, fully updated resource. Written by the leading expert in IT security certification and training, this authoritative guide covers all 10 CISSP exam domains developed by the International Information Systems Security Certification Consortium (ISC2). You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISSP exam with ease, this definitive volume also serves as an essential on-the-job reference.

COVERS ALL 10 CISSP DOMAINS:
Information security and risk management
Access control
Security architecture and design
Physical and environmental security
Telecommunications and network security
Cryptography
Business continuity and disaster recovery planning
Legal regulations, compliance, and investigations
Application security
Operations security

THE CD-ROM FEATURES:
Hundreds of practice exam questions
Video training excerpt from the author
E-book

Shon Harris, CISSP, is a security consultant, a former member of the Information Warfare unit in the Air Force, and a contributing writer to Information Security Magazine and Windows 2000 Magazine. She is the author of the previous editions of this book.
