- Microsoft will float cloud OS this month
- Top 16 Chinese iPhoneys
- Pimp your ride: Cool car technology
- Laptop stolen from McCain campaign
- Cisco, Microsoft roll out server, networking appliance
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Value of WDS
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Joel Dubin has just sent me the update of his useful guide to computer security, The Little Black Book of Computer Security. In October 2005, I published a review of the first edition and I refer readers to that review for a sense of the first edition's qualities. I liked the book so much I ordered it for the assigned readings in one of the seminars in the MSIA program.
The book has grown from 150 pages to 207 pages (38%) but its price has changed from $19.95 to $25.95 (30%). Seems fair. It still fits in a (large) pocket. More important, the content has significant changes.
Dubin begins with an insightful commentary in his introduction (quoting exactly):
"IT security has broadened dramatically. Its issues have expanded from the technology arena into the business arena. In other words, IT security no longer consists solely of the IT department working to lock down networks. It has moved into the boardroom as business leaders grapple with the business impacts of potential data breaches. Those leaders are now concerned with complying with legal regulations, protecting the privacy and identity of their customers, and keeping their brands intact if data breaches do occur. Consequently, IT security has developed into the more wide-ranging field of information security.
"Furthermore, as the network perimeter has dissolved, the old-fashioned firewall has evolved. Hackers have become more sophisticated, bypassing firewalls and other network controls by inserting malicious code into Web sites. Today, even innocent sites can serve as repositories of dangerous malware that can defeat the toughest network defenses. In other words, the threat has shifted from the network to the application. The new paradigm therefore entails not only safeguarding hardware and networks but also protecting data wherever it happens to be – a Web site, a database, or anywhere in between."
There are three new chapters. Quoting from correspondence with Dubin:
* Chapter 19 on compliance and working with auditors, since this has become such a big part of many IT security professionals'
lives.
* Chapter 20 on security awareness training, since this has become part of compliance with tips on the bare bones minimum
of what should go into an security training program.
* Chapter 21 is a simple explanation of encryption, which IT security pros can use to distill this complex topic for the business
folks.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
Rss FeedRss Feed
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
Security Considerations When Deploying Remote Access SolutionsEffective network security is most successful when you use a layered approach, with multiple...
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Turning information into a Competitive AdvantageCompanies today are realizing that competitive advantage is harder to sustain when based solely on...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...
The Evolution of Network SecurityWe have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment