Paperback Inside the Security Mind: Making the Tough Decisions Book

ISBN: 0131118293

ISBN13: 9780131118294

Inside the Security Mind: Making the Tough Decisions

Inside the Security Mind: Making the Tough Decisions, by security expert Kevin Day, teaches information officers how to think like a top security guru. Using real-world examples, Day explains how to... This description may be from another edition of this product.


Format: Paperback


Customer Reviews

5 ratings

How to increase your organization's security consciousness...

Inside the Security Mind: Making the Tough Decisions
Kevin Day
Prentice Hall 2003
ISBN 0-13-111829-3

Inside the Security Mind is an easy read geared for the novice as well as the seasoned pro. It starts with the basics and develops a good path to higher security concepts.

Well written with the focus on developing a good security program and implementing training, Inside the Security Mind will guide you through the steps necessary to allow you to define your security goals and policies. Inside the Security Mind was written with the premise in mind, best defined on page 283, which states: "the evolution of security will not come through technology, but through awareness."

This book is great for helping to develop your own security and training policies and programs, including appendices complete with outlines and web resources to help set up basic computer security training classes within any organization and keep current with ongoing developments. Inside the Security Mind has comprehensive examples and comparisons throughout the text demonstrating how to define security guidelines and setting rules by using risk and threat tables.

Written in simple layman's terms, Inside the Security Mind starts with an overview of the realities of computer security including the positive and negative risks and covers subjects such as:

Good guys and bad guys: who really is a hacker and who is not.
The 4 types of common hackers, who they are, what they are usually targeting and the most common exploits used for attack.
Allows you to assess your necessary considerations, efforts, focus and education required to define your security policies and procedures.
Defines a set of eight necessary security rules and their implications, including the difficulties of granting and implementing these rules.
Demonstrates the effects of trust, change, access, weaknesses, separation, process, prevention, response and their integrated effects on security.
Displays common connection, networking and database vulnerabilities as well as operating and physical vulnerabilities and their relationships.
Shows how attacks can be chained (combined) and the effect of what chaining does.
Differentiates between criminal hackers and the more common garden-variety types.
Demonstrates how to lower liabilities from outside the network.
Defines security assessment models: how to define risks and threat assessment including traditional US relational security assessments.
Displays audit measures and their relationship to acceptable risk assessment regarding perimeter and internal architectures.
Shows current audit tools and the types of scans and why they are used.
Defines standard defenses and their staffing considerations.
How to use external vs. internal consultants and the truths about certifications.
What security hazards associated with hardware-based security exist.
How firewalls will and will not be useful to your defenses and why firewalls are not all that is needed.
What the perimeter, internal, physical, server/dev

A Must Read

A very interesting book, that tries a new approach to security, and tries to avoid the mumbo-jumbo of IT-security and still be valid in a business environment. Well worth reading, especially his 8 rules, that I decided to adhere to in my future security evaluations. Don't understand what I'm talking about? Read the book, you will probably find it an enlightening experience (in parts) what regards security.

Inside the Security Mind Review

I could not agree more with Stephen Northcutt's review of Inside the Security Mind. I see this book as a bold and powerful new approach to thinking about infosec. The rules of security are well thought-out and very effective. Look at a server, a company, a policy, a relationship, and you can evaluate them all through the same series of methodical rules. The language is very eloquent and the style is extremely readable. I really feel this book should be required reading for anyone wanting to learn Security! The first 1/2 of the book is the best, and the second 1/2 is great for the "practical examples" of how all the pieces fit in the real world works. One big note here: THIS BOOK is NOT for the Tech-Geek looking for a new way to tweak his techy skills. This book is for those SERIOUS about learning what INFORMATION SECURITY is all about.

Revolutionary :)

This is not a traditional techie "how-to" book; nor does it appear that it was intended to be. The treasure of Relational Security as presented in this book lies in the "process". For those who are able to think past the firewall, the methodology presented in the Security Mind can be applied to successfully analyze and secure virtually any business environment. The Relational Security model is revolutionary.

nice :) - Highly Recommended

I just finished "Inside the Security Mind", and I must say I am very very happy with my purchase. I have an entire shelf of security related books, techno-geek and methodology... this book taught me more in 200 pages than the others taught me in 2,000. I highly recommend it to all :)