Security De-Engineering Solving the Problems in Information Risk Management

PEOPLE AND BLAME

Whom Do You Blame?
The Buck Stops at the Top?
Managers and Their Loyal Secretaries
Information Security Spending—Driving Factors in the Wild
Do Top-Level Managers Care About Information Security?
Ignoring the Signs
Summary

The Hackers
Hat Colors and Ethics
"Hacker" Defined
Zen and the Art of Remote Assessment
The Hacker through the Looking Glass
Communication, Hyper-Casual Fridays, and "Maturity"
Hacker Cries Wolf
Unmuzzled Hackers and Facebook
Summary

Checklists and Standards Evangelists
Platform Security in HELL
CASE Survival Guidelines
CASEs and Network Security
Security Teams and Incident Investigation
Vulnerability/Malware Announcements
This Land Is Our Land
Common CASE Assertions
Summary

DE-ENGINEERING OF SECURITY

How Security Changed Post 2000
Migrating South: Osmosis of Analysis Functions to Operations Teams
Rise of Automated Vulnerability Scanner
Rise of Checklist
Incident Response and Management—According to Best Practices
"Best Practices" in Security Service Provision
Tip of the Iceberg—Audit Driven Security Strategy
Summary

Automated Vulnerability Scanners
Law of Diminishing Enthusiasm
False Positive Testing Revelations
Great Autoscanning Lottery
Judgment Day
Automation and Web Application Vulnerability Assessment
Web Application Security Source Code Testing
Summary

Eternal Yawn: Careers in Information Security
Information Security and Strange Attractors
Specialization in Security
Instant Manager
Technical Track
Summary

Penetration Testing—Old and New
Testing Restrictions
Restriction 1: Source IP Address
Restriction 2: Testing IP Address Range(s)
Restriction 3: Exploits Testing
Penetration Testing—The Bigger Picture
Summary

Love of Clouds and Incidents—Vain Search for Validation
Love of Incidents
Love of Clouds
Summary

SECURITY PRODUCTS

Intrusion Detection
Tuning/Initial Costs
Belt and Suspenders?
DoS the NIDS
Hidden Costs
Return on Investment
Network Intrusion Prevention Systems
Summary
A Final Note

Other Products
Identity Management
Security Information Event Management Solutions
Summary

RE-ENGINEERING OF SECURITY

One Professional Accreditation Program to Bind Them All
C-Levels Do Not Trust Us
Infosec Vocational Classifications
Requirements of an Infosec Manager
Requirements of Security Analyst
Regaining Trust: Theoretical Infosec Accreditation Structure
Summary

Index

Biography

Ian Tibble was an IT specialist with IBM Global Services before entering into the security arena. His experience of more than 11 years in information security allowed him to gain practical risk management expertise from both an architectural IT and a business analysis aspect. His experience in Infosec has been with service providers Trusecure (now Verizon) and PricewaterhouseCoopers, and also with end users in logistics, banking, and insurance. He has been engaged with security service delivery projects with close to 100 Fortune 500 companies and multinational financial institutions in Asia (Indonesia, Singapore, Malaysia, Taiwan, Hong Kong, and Australia) and Europe.

This is a passionate call to arms to recognise the contribution of engineering to business. In highlighting what the author believes is a diminishing role of qualified engineers, he lights the lighthouse beacon in the hope that business can thereby avoid crashing into the rocks of avoidable incident and financial loss.
—Written by Wendy Goucher, Information security consultant, writing on www.infosecskills.com

Read the full review at: http://resources.infosecskills.com/mm-cat-list-books/mm-cat-list-infosec/114-book-review-sedeeng