The Business Case for Network Security: Advocacy, Governance, and ROI

Ever wished you grabbed a network security title off the shelf and found it to be comprehensive enough, covering hot topics such as security policies, risk management, top-level attacks and security threats in a non-technical manner, but without compromising quality and important information? If so, then this is your book. Catherine Paquet, Warren Saxe and Cisco Press have managed to produce what seems to be more than just `another fine title'. The Business Case For Network Security is a book aimed at people. The book is well written using simple English language, allowing people of all levels to clearly understand the topics analysed. The target audience would seem to be people in a managerial position or network professionals who require basic understanding of network threats, security measures, risk assessment tools etc., without getting into the details required by a programmer or security auditor. So what's covered? The book has 3 main sections: 1) Vulnerabilities and Technologies 2) Human and Financial Issues 3) Policies and Future Vulnerabilities and Technologies The first section is certainly a favourite! It starts by introducing the reader to the world of security by exposing the damage caused by exploits and hackers in general. Continuing with a small yet effective analysis of `the hacker', where they come from, how they are categorised, the authors then move into the popular topic `categories of attacks'. Here are just a few illustrated and well documented attacks outlined in the book: * Buffer Overflow and Bandwidth Consumption * Domain Name Hijacking * Mail Bomb * Distributed Denial of Service Attack * Footprinting * Eavesdropping * Password Attack Even the new wireless attacks are included here, along with the famous `Social Engineering Tactics'! The authors take the reader through ways to protect a network from these types of attacks. Virus protection, traffic filtering, encryption, content filtering, assessment and auditing are a few of the methods and tactics analysed. Human and Financial Issues The second section is where this wonderful book starts to really move away from your everyday security book. It discusses in detail how company managers are able to `secure' their network by enforcing policies and providing strict guidelines to their employees. This is a topic many books fail to cover in the detail required. Some don't mention it at all. If you consider that the `human factor' still remains the greatest threat of all, then you'll understand how important this topic is. The book does a great job by not only fully covering the topic, but also providing useful information to help managers start thinking and acting accordingly. A generous 130 pages are devoted to this section and here are a few of the topics discussed: * Securing the Organization: Equipment and Access * Managing the Availability and Integrity of Operations * Mobilizing the Human Element: Creating a Secure Culture * Determining Rules and