Network Security Evaluation Using the NSA IEM

Paperback (Print)

Overview

Network Security Evaluation provides a methodology for conducting technical security evaluations of all the critical components of a target network. The book describes how the methodology evolved and how to define the proper scope of an evaluation, including the consideration of legal issues that may arise during the evaluation. More detailed information is given in later chapters about the core technical processes that need to occur to ensure a comprehensive understanding of the network’s security posture.

Ten baseline areas for evaluation are covered in detail. The tools and examples detailed within this book include both freeware and commercial tools that provide a detailed analysis of security vulnerabilities on the target network. The book ends with guidance on the creation of customer roadmaps to better security and recommendations on the format and delivery of the final report.

* There is no other book currently on the market that covers the National Security Agency's recommended methodology for conducting technical security evaluations
* The authors are well known in the industry for their work in developing and deploying network security evaluations using the NSA IEM
* The authors also developed the NSA's training class on this methodology


Product Details

  • ISBN-13: 9781597490351
  • Publisher: Elsevier Science
  • Publication date: 8/13/2005
  • Pages: 450
  • Product dimensions: 9.25 (w) x 7.50 (h) x 0.94 (d)

Meet the Author

Russ Rogers (CISSP, CISM, IAM, IEM, Hon. Sc.D.), author of the popular "Hacking a Terror Network: The Silent Threat of Covert Channels" (Syngress, ISBN: 978-1-928994-98-5), co-author of multiple books, including the best-selling "Stealing the Network: How to Own a Continent" (Syngress, ISBN: 978-1-931836-05-0) and "Network Security Evaluation Using the NSA IEM" (Syngress, ISBN: 978-1-59749-035-1), and former editor-in-chief of The Security Journal, is currently a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security, Inc., a veteran-owned small business based in Colorado Springs, CO. Russ has been involved in information technology since 1980 and has spent the past 20 years working as both an IT and InfoSec consultant. Russ has worked with the U.S. Air Force (USAF), National Security Agency (NSA), Defense Information Systems Agency (DISA), and other federal agencies. He is a globally renowned security expert, speaker, and author who has presented at conferences around the world in Amsterdam, Tokyo, Singapore, São Paulo, Abu Dhabi, and cities all over the United States. Russ has an honorary doctorate of science in information technology from the University of Advancing Technology, a master's degree in computer systems management from the University of Maryland, a bachelor of science degree in computer information systems from the University of Maryland, and an associate's degree in applied communications technology from the Community College of the Air Force. He is a member of ISSA and (ISC)2® (CISSP). Russ also teaches at and fills the role of professor of network security for the University of Advancing Technology (www.uat.edu).

Greg Miles (Ph.D., CISSP#24431, CISM#0300338, IAM, IEM) is the President and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a global, veteran-owned small business headquartered in Colorado Springs, Colorado.


Table of Contents

  • Introduction to the IEM
  • Before You Start Evaluating
  • Setting Expectations
  • Scoping the Evaluation
  • Legal Planning Chapter
  • The Technical Evaluation Plan (TEP)
  • Starting your On-Site Efforts
  • Enumeration Activities
  • Collecting the majority of vulnerabilities
  • Fine Tuning the Evaluation
  • On-Site Closing Meeting
  • Evaluation Analysis
  • Creating Measurements and Trending Results
  • Trending Metrics Chapter
  • Final Reporting Chapter
  • IEM Summary
  • Appendix A: Table of example tools for each of the 10 baseline activities
  • Appendix B: Sample TEP layout

Customer Reviews

  • Anonymous

    Posted November 12, 2005

    A GOOD SECURITY ORGANIZATION (NSA) LISTENS TO ITS CUSTOMERS ...

    Companies that admit that they have an information security problem, is the first step toward a solution. If you are one of those companies, this book is for you! Authors Russ Rogers, Ed Fuller, Greg Miles, Matthew Hoagberg, Travis Schack, Ted Dykstra, Bryan Cunningham and Chuck Little, have done an outstanding job of writing a book that will help the majority of experienced INFOSEC professionals in the industry find the optimum security solution for their respective organization. Rogers, Fuller, Miles, Hoagberg, Schack, Dykstra, Cunningham and Little, begin by helping you understand what the IEM is intended to address, why this type of work is requested, where it could potentially be applied, and the phases into which IEM is organized. Next, the authors focus on those activities that occur prior to the start of the evaluation. Then, they delve into one of the most critical preparation aspects of doing any evaluation: assessing customer expectations, the tangible and intangible factors, that will affect the outcome of the evaluation. The authors continue by discussing the components and activities of the scoping process that will give you the majority of the information needed to do an effective and efficient job during the evaluation process. In addition, the authors next provide an overview of a number of legal issues faced by information security evaluation professionals and their customers. They also discuss the various aspects of the TEP and some of the things you want it to accomplish. Next, the authors discuss the framework of the on-site evaluation phase, where the meat of the technical evaluation occurs. Then, they discuss the network discovery portion of the onsite evaluation phase. The authors continue by covering the vulnerability scanning and host evaluation portions of the IEM. In addition, the authors then cover the remainder of the scanning, or hands-on, portion of the IEM. 
    They also discuss the out-brief meeting that you'll hold with the customer. Next, the authors walk you through the process of categorizing, consolidating, correlating, and consulting, to develop practical and effective solutions for the customer. Then, they cover the sources of finding information and how this information can be put into a single chart that the customer can use as a road map to improving their security posture. The authors continue by identifying some type of metrics that will be needed to readily identify the current security posture. They also cover the presentation of the final report. Finally, they sum up the entire book. With the preceding in mind, the authors have also done an excellent job of writing a book that addresses the process-level security issues along with the technical findings, so that you can improve your chances to mitigate problems before they occur. So, in the end, all of these pieces can come together to create a custom and valuable security solution for your customer!
