


thanhtam_bach
29-06-2006, 15:18
Mission-Critical Security Planner: When Hackers Won’t Take No for an Answer

http://img58.imageshack.us/img58/3850/b00009eimz01lzzzzzzz2qe.jpg


This book, especially if used in conjunction with the author’s web site (see ASIN B0000C7RBX), is one of the most valuable additions to the IT security profession that I’ve read. My reasons for making this bold statement include:

- The book provides a coherent and focused approach to developing and implementing a security plan. You can find numerous books on writing and implementing policies and procedures, or establishing a security posture, but this is the first book I’ve read that steps you through the process of conceiving, implementing and keeping alive a viable security plan.

- By separating the process into three distinct domains (referred to as 'stacks') you ensure that your plan encompasses and integrates the technology, process and business elements into a coherent strategy.

- Artifacts in the form of a complete set of worksheets provide a set of tools that give a framework and speed up the planning process.

The planning approach set forth in the book is straightforward and realistic - you’re led through the preliminaries, which include conceiving a plan that matches your needs, and selling the plan to sponsors (an often overlooked, but essential activity when fighting for budget). The next step is to perform an impact analysis, and this is where the book shines, because the author focuses on business issues instead of technology. This promotes awareness and goes a long way towards getting buy-in and funding, as well as laying a solid foundation for a long-term security plan. Next the author shows how to select the correct security model and avoid common pitfalls. These lead to building organizational consensus - buy-in from all stakeholders. The difference between this step and the preliminary step of selling to a sponsor and obtaining funding is that the latter is vertical, whereas here you need to promote the plan horizontally as well. The final steps are to implement and continuously refine the plan.

Of course, the overview above only describes the approach contained within the book. There is much more to commend it, such as clear writing, superb page design that portrays information in graphs, illustrations and tables, and the details the author provides. There is not a single statement or recommendation that is unsupported, and the material is both sensible and accurate.



http://rapidshare.de/files/24347360/Mission-Critical_Security_Planner.rar