Inside Network Security Assessment: Guarding Your IT Infrastructure [With CDROM]

If you need an overview of the current state of the art for network security assessment - this book is for you. It describes a security assessment process end-to-end, covering all aspects of it: reasons for the assessment, risk assessment methodologies, scoping of an assessment project and its goals, how to conduct the assessment, what to put into the final report, and what is involved in the post-assessment activities. The book also gives an overview of contemporary government standards and security evaluation tools, and even offers security assessment forms and a sample report. This book is *NOT* a detailed description of the intrinsic and technology behind the attacks or ways of warding them off, even though the authors do a superb job of explaining most major concepts and terms. While anything that ends with the word "process" promises the excitement of watching paint dry, I've found this book quite informative and written very well. For me, it is more important to understand than remember; every statement in a book is logically solid and supported by a reason or explanation. With respect to this, the authors have not disappointed me. I disagree with negative comments mentioned in the F. Yan's review below. For example, indeed, on page 111 the authors stated that the greatest threat to an organization and its IT infrastructure are employees, contractors, and third-party users; on the same page they named insecure computing habits of the *employees* as the 2nd threat, and on page 112 they listed *disgruntled* employees as the 3rd greatest threat. I don't see any contradiction, since disgruntled employees are a subset of the total population of employees. Similarly, I could not find validation to other negative comments. Nevertheless, the book has a couple of rather small shortcomings. One is a bit dry style of some chapters consisting primarily of bullet point lists, although the points themselves are sharp, concrete, and important. I also wish that the book's cover were made from a more practical and durable material. Overall, this is an excellent and useful book, that delivers on its promises.

In my experience what's important is to have an overall structure when performing any task. That's one of the things I liked about this book as it didn't get bogged down with an endless review of a million tools. The book offers a look at the bigger picture providing information on the overall structure and flow of the assessment. While it is evident that it was written by two writers, those individuals planning on performing an assessment or involved with one should find this book useful. I believe this book would also be helpful to people new to the security assessment area. When reading a book my objective is to learn something I did not know before or to add to my skill set. This book met that mark for me.