- Shopping Bag ( 0 items )
Good, but not what I expected.
After reading a brief overview of this book I was really excited to read it. As an information security professional, I was hoping the author would stir up some controversial thoughts and ideas that may have me rethinking the way I am doing things. What I got was a book that was a very good read, but nothing revolutionary. The book is organized into forty-eight topics, each a separate chapter consisting of a few pages each. Each chapter was just long enough to give some details or opinions about a topic without boring the reader with mundane page filler.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Chapter 16: The Cult of Schneier, was a great chapter. Yes, Bruce Schneier is one of the smartest minds in the industry, but he is the first to tell people not to be sheep. The author takes this one step further and declares do not take everything Schneier says as gospel, he is human, and can be wrong. Although I agree with the authors' thoughts that he will get a lot of flack for these comments from the "Cult of Schneier," I thought it was a great way to tell people to think for themselves and think outside the box.
Chapter 24: Open Source Security: A Red Herring was my favorite chapter in this book. It looks at both sides of the open source software vs. closed source software debate. This portion of the book was written in a way to let the reader come to the own conclusion about the debate, and not just rely on the authors' opinion. It was an unbiased view on the pros and cons to both types of software solutions.
Chapter 30: "Responsible Disclosure" isn't Responsible, was another great chapter. Again the author presented many pros and cons to both sides of the debate about public disclosure of vulnerabilities. This was again a chapter that shows the reader how the software industry currently views disclosure and lets the reader decide how they feel about the issue. In my opinion, this is one of the few chapters that will make you think about your stand on the topic and maybe help you choose a position.
All of the anti-virus chapters were very well written, as expected from someone who has worked for one of the largest anti-virus developers. These chapters gave enough insight and detail about how the software works to let a layman understand, but not so much detail that they drowned in information.
In chapter 5 the author talks about the security software he runs, and then common security software that he does not run, including: firewalls and AV. His arguments for not running these items seemed very weak, especially for a guy who works for an anti-virus company. I would have liked more insight into his thought process.
I found one contradiction that stood out, in Chapter 3 the author states that "However, these days, few services are visible by default..." when talking about need of firewalls. In Chapter 5 the author states firewalls are needed because "people typically leave lots of vulnerable services on machines that are directly accessible to a lot of people". Which is it?
Overall this book was a very fast (you could read it on a short flight), but very good read. It may not challenge your perspective as I had previously thought, but it is a good refresher as to why some of us work in the Information Security industry.
Review Written By Wayne M Gipson, CISSP, CISA
Posted September 13, 2010
No text was provided for this review.