Vous voulez voir cette page en français ? Cliquez ici.


or
Sign in to turn on 1-Click ordering.
or
Amazon Prime Free Trial required. Sign up when you check out. Learn More
More Buying Choices
Have one to sell? Sell yours here
Tell the Publisher!
I'd like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Inside the Security Mind: Making the Tough Decisions [Paperback]

Kevin Day
4.5 out of 5 stars  See all reviews (13 customer reviews)
List Price: CDN$ 46.99
Price: CDN$ 29.60 & FREE Shipping. Details
You Save: CDN$ 17.39 (37%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 1 left in stock (more on the way).
Ships from and sold by Amazon.ca. Gift-wrap available.
Want it delivered Friday, August 1? Choose One-Day Shipping at checkout.
Join Amazon Student in Canada


Book Description

Feb. 20 2003 0131118293 978-0131118294 1
Inside the Security Mind: Making the Tough Decisions, by security expert Kevin Day, teaches information officers how to think like a top security guru. Using real-world examples, Day explains how to reduce any security problem to a set of essential principles, making it easy to arrive at optimal solutions. Includes practical material on enterprise security issues and measures.

Frequently Bought Together

Inside the Security Mind: Making the Tough Decisions + Security Engineering: A Guide to Building Dependable Distributed Systems + Computer Security Basics
Price For All Three: CDN$ 129.77

Some of these items ship sooner than the others. Show details

  • In Stock.
    Ships from and sold by Amazon.ca.
    FREE Shipping. Details

  • Security Engineering: A Guide to Building Dependable Distributed Systems CDN$ 70.39

    In Stock.
    Ships from and sold by Amazon.ca.
    FREE Shipping. Details

  • Computer Security Basics CDN$ 29.78

    Usually ships within 2 to 4 weeks.
    Ships from and sold by Amazon.ca.
    FREE Shipping. Details


Customers Who Bought This Item Also Bought


Product Details


Product Description

From the Inside Flap

PrologueIn the Beginning...

It has been nine years since I first took up the sword to ward off a malicious two-headed hacker that was invading my lands. Over the past nine years I have witnessed a great deal of carnage and gore in the information security world. Securing everything from governments, Fortune 500 companies, health-care giants, medical research institutes, and even the good, old mom-and-pop shops has led me though a long maze of questioning and discovering. I have lived a cycle of life starting from the intrigued beginner, to the sworn hands-on technologist, to the enthused architect, to the senior advisor, and finally, the simple philosopher.

Like many philosophers, I cannot claim the ideas and practices in my book to be my own. They have simply been the inspiration of security related events and studies that have passed before me over the years. Eventually, the mind begins to notice things, patterns to what otherwise seems like simple madness. I began to realize what an incredible tool the recognition of these patterns presented; weapons of defense that can be wielded by everyone, not just by the security experts and the technically elite.

Here, I invite you to use these same weapons to protect your own homeland. The practices contained in this book have been proven time and again in direct combat with the enemy. The companies that have unfixed their eye from the size of their cannons and focused instead on the principles presented here have achieved security without a great deal of effort. For you see, the determining factors in a successful battle are not simply the technologies used, but the planning, strategizing, and decision making that take place before, during, and after the battle is complete.

Today, too many battles have been lost while following the commonly adopted guns and swords of information security. Too much blood has been spilled and too many retreats have been sounded in the chambers of our corporate lords. The first line of this book states, "The time has come for a different way of thinking about information security." What we are about to look into is not really "new" at all, but time honored practices of the ages, simply presented in a new and effective way.

Who Should Read this Book?

Inside the Security Mind was written in such a manner that anyone with the most basic IT knowledge will be able to read it. This was done with great care as I truly believe that everyone associated with technology within an organization should read this book. The chapters build upon constant and universally applicable rules of security that everyone should know and practice. Rather than having to spend years in study or practicing in the industry, however, the reader has only to grasp the concepts presented here. That is the goal of this book, to provide the reader with tools to think like a security expert and to correct the many flaws that currently plague the information security world. As such, I highly encourage the following people to read this book:

  • IT Managers. This book is designed to help the reader make good, effective, and consistent security decisions without a great deal of study. Today, security should be a concern for all IT-related managers and directors, and for many who are not directly related to IT. Even if you are not responsible for any specific security practice, it is important to protect your department, facility, or corporation from the many security and availability threats in the world. The majority of successful security attacks over the past few years could have been prevented if the local staff only had been aware of security. When the concepts contained herein are understood and practiced, you will become "security aware" without having to take a class or learn how to install a firewall. I highly encourage those in charge of any aspect of IT to read this book and recommend it to your IT employees.
  • Technical Gurus. As has become obvious over the years, every piece of information technology is in need of security focus. It is impossible to implement a server, router, application, VPN, or wireless extension without affecting the security of the rest of the organization. As such, anyone dealing with technology should have security awareness while performing their daily duties. This book is designed to create a high degree of such awareness and provide tools and techniques that can be applied to every type of technology, whether designing, developing, or implementing it. In the final sections, we will explore several technologies that require the most security care, and we will discuss how to safely implement them. Going far beyond this, however, the guidelines given throughout the book can and should be applied to all technologies. After reading this book, the next time you hook up a router, install a server, or bring up a new WAN link, you will know where to look for the security implications and how they should be addressed, regardless of the specific technology.
  • Up-and-Coming Security Practitioners. The concepts presented in this book represent the heart and soul of information security. Anyone desiring to be a security professional should become thoroughly familiar with them. So put down that firewall manual, take a break from configuring the IDS sensor, and venture to read what security is all about. This book is probably the quickest way to advance to the next level in your security abilities.
  • Seasoned Professional Security Practitioners. This will be a great book for building on concepts you probably already have in your head. I have found it of great use to have the concepts that are normally flitting about in the back of the mind, laid out in plain sight. Beyond this, Inside the Security Mind provides a great structure for you to build security practices, and is quite helpful in conveying security concepts to your managers, directors, employees, and clients.
How to Read this Book

As you have no doubt concluded, this is probably not going to be your everyday IT reading experience. The style of this book was not adopted just to be cute and friendly, but rather to set the proper mood. In a moment, you will turn to Chapter 1, and you will not find a formal textbook on information security, but a true-to-life guide on surviving in the IT industry. This book requires only that the reader proceed with an open mind and an expectation of something pleasantly different. I would not be surprised if there are sections within this book that contradict the practices you have read or seen in the past, and perhaps, at the conclusion of the book, we will all agree on why.

The book flows linearly with each concept building upon the concepts presented before it. In the beginning, we will cover The Virtues of Security, basic understandings of how security should be embraced within an organization. We will then build upon those virtues to derive The Eight Rules of Security, practical concepts that can be easily applied in just about every situation. Next, you will find higher concepts that build upon the rules, and then, finally, a plethora of practical applications where all of this information is synthesized into real-world uses.

As you can probably guess, this is not a book with which one should skip back and forth through the pages searching for a specific topic. In order to fully understand the recommendations on protecting your VPNs, for example, you must first understand the virtues, rules, and concepts that the recommendation has been built upon. As such, I would highly recommend reading Inside the Security Mind in its entirety, even the sections that may not seem to directly apply to your environment. Sections within this book that deal with specific technologies actually apply universally and will often yield information to help apply the same concepts elsewhere.

This brings me to my next point. When reading this book it is crucial to not get to sidetracked with any specific technologies mentioned. While we will certainly delve into specific areas to help hone in the concepts, all sections are built upon the same reasoning, understanding, and philosophy. Thus, while I am saying "a server", it is also applicable to a router, room, application, network, and employee. Our goal here is far more than simply implementing a firewall and monitoring our intrusion detection system.

Making the Tough Decisions

The main goal of this book is to arm you with the ability to make good security decisions in all situations either simple or complex. Because the human thought process is a vastly complex beast, I have attempted to isolate the major points that should always flash through the mind when making a decision. After we have journeyed through the virtues, rules, and higher practices, you will find a short chapter describing how to use this information to make a good security decision. This section is a synthesis of everything that came before it, and is a good example of how one should think with a security mind. If you follow this section with an open mind, you may find that all of your security problems follow a similar flow. You will surely notice that some of the comments I make do not apply in every situation, but the heart of the process is extremely effective in recognizing and solving security problems.

Beginning at the End

As a final thought before venturing on I believe it would be helpful to understand the ultimate purpose of this reading. So, if I may, I invite you to take a glimpse at the conclusion that it may stay in your mind during the gap between page turns.

"To date, security has been a goal unachieved by many organizations. For some, information security appears to be a large, untamable beast that they simply hope will not bite them. As we have seen, though, security is not a monster, but rather a series of interrelated core concepts surrounded by an infinite number of possibilities. By taking our eyes off the infinite possibilities and focusing on the core concepts presented in this book, security becomes a much easier matter to comprehend and deal with. Placing proper focus on daily practices allows organizations to break away from the traditional security nightmares and makes security a natural extension of everyday actions."

"When an organization makes decisions using a developed security mind, it separates itself from the struggles and costs commonly associated with information security. In this infinitely dynamic world of IT, practicing such higher principles of security is the only chance we have to defend ourselves against enemies. If organizations continue to embrace new security technologies without developing a higher understanding of security, the enemies will simply be required to develop new and more clever technologies with which to attack us. However, when organizations begin to develop a security mind, they will begin to transcend such common "thrust and parry tactics," and through these efforts, emerge from the war victorious."

From the Back Cover

"This is a really good book ... it spells out the motherhood and apple pie of information security in a highly readable way."

—Warwick Ford, CTO, VeriSign, Inc.

"An excellent security read! Breaks down a complex concept into a simple and easy-to-understand concept."

—Vivek Shivananda, President

  • Redefine your organization's information security
  • Learn to think and act like a top security guru!
  • Understand the founding principles of security itself and make better decisions
  • Make your security solutions more effective, easily manageable, and less costly!
Make smarter, more informed security decisions for your companyOrganizations today commit ever-increasing resources to information security, but are scarcely more secure than they were four or five years ago! By treating information security like an ordinary technological practice—that is, by throwing money, a handful of the latest technologies, and a lineup of gurus at the problem—they invariably wind up with expensive, but deeply flawed, solutions. The only way out of this trap is to change one's way of thinking about security: to grasp the reasoning, philosophy, and logic that underlie all successful security efforts.

In Inside the Security Mind: Making the Tough Decisions, security expert Kevin Day teaches you how to approach information security the way the top gurus do—as an art, rather than a collection of technologies. By applying this discipline, your solutions will be more secure and less burdensome in time, expense, and effort. The first part of the book explains the practice of breaking security decisions down into a set of simple rules. These rules may then be applied to make solid security decisions in almost any environment. In the second part, Day uses a series of practical examples to illustrate exactly how the discipline works in practice. Additional material covers:

  • Designing an enterprise security plan, including perimeter/firewall and Internal defenses, application, system, and hardware security
  • Ongoing security measures—recurring audits, vulnerability maintenance, logging and monitoring, and incident response, plus risk assessment
  • Choosing between open source and proprietary solutions; and wired, wireless, and virtual private networks

This book is essential reading for anyone working to keep information secure. Technical and non-technical IT professionals alike can apply Day's concepts and strategies to become security gurus, while seasoned practitioners will benefit from the unique and effective presentation of the essential security practices.


Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

What Other Items Do Customers Buy After Viewing This Item?


Customer Reviews

3 star
0
2 star
0
1 star
0
4.5 out of 5 stars
4.5 out of 5 stars
Most helpful customer reviews
Format:Paperback
Inside the Security Mind:
Making the Tough Decisions
Kevin Day
Prentice Hall 2003
Isbn 0-13-111829-3
Inside the Security Mind is an easy read geared for the novice and as well as the seasoned pro. It starts with the basics and develops a good path to higher security concepts.
Well written with the focus on developing a good security program and implementing training, Inside the Security Mind will guide you through the steps necessary to allow you to define your security goals and policies. Inside the Security Mind was written with the premise in mind, best defined on page 283, which states:
" the evolution of security will not come through technology, but through awareness."
This book is great for helping to develop your own security and training policies and programs, including appendices complete with outlines and web resources to help setup basic computer security training classes within any organization and keep current with ongoing developments. Inside the Security Mind has comprehensive examples and comparisons through out the text demonstrating how to define security guidelines and setting rules by using risk and threat tables.
Written in simple layman's terms Inside the Security Mind starts with an overview of the realities of computer security including the positive and negative risks and covers subjects such as:

Good guys and bad guys: who really is a hacker and who is not. The 4 types of common hackers, who they are, what they are usually targeting and the most common exploits used for attack.
Allows you assess your necessary considerations, efforts, focus and education required to define your security policies and procedures.
Read more ›
Was this review helpful to you?
5.0 out of 5 stars A Must Read Aug. 30 2003
Format:Paperback
A very interesting book, that tries a new approach to security, and tries to avoid the mumbo-jumbo of IT-security and still be valid in a business environment.
Well worth reading, especially his 8 rules, that I decided to adhere to in my future security evaluations.
Don't understand what I'm talking about? Read the book, you will probably find it an enlightening experience (in parts) what regards security.
Was this review helpful to you?
4.0 out of 5 stars Excellent holistic approach to infosec Aug. 19 2003
Format:Paperback
The book provides an excellent holistic approach to information security.
It is highly recommended.
It is not an attempt to be a security cure all, but rather a structured and methodical approach to security.
Was this review helpful to you?
4.0 out of 5 stars Somewhat fun to read and useful too Aug. 4 2003
Format:Paperback
"Inside the security kind" is a quality high-level security book. The book has some nice elements, not found elsewhere. While the content can be found in many other sources, the book excels in material organization. Four virtues of security and eight rules of security provide great summary for those who know the material and represent a great pedagogical approach to it for those who doesn't. Rules of least privilege, of trust, of change, of separation, of the weakest link, etc might sound like simple manifestations of common sense, but are crucial for understanding and implementing security measures.
The book also shares interesting insight on making security decisions using the above eight rules, such as how to estimate risks and design a security architecture. Another interesting topic is the material on building a security team, selecting staff, interviewing. It has a somewhat balanced analysis on hiring hackers, outsourcing security and other "hot" topics in security community.
Among the book drawbacks is that some "analysis" of hackers looks slightly naïve and obtained from books, rather than the real world. The "practical" section serves as illustration of the rules, rather than a complete HOWTO guide.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Was this review helpful to you?
4.0 out of 5 stars Very readable and worthwhile security reference July 27 2003
Format:Paperback
If you are looking for a straight to the point security book, Inside the Security Mind makes for a very good read.
Day takes a holistic view of network security and uses that methodology to forge a system to approaching computer security and risk.
Inside the Security Mind: Making the Tough Decisions takes a high level approach to security. If you are looking for details on how to secure Active Directory or similar; this is not the book. But if you are looking to find out how to determine the risk of deploying Active Directory or similar technology in a large-enterprise, Inside the Security Mind shoes the way in which to approach that endeavor.
Overall, Inside the Security Mind is a very readable reference. It is light on acronyms, fluff and filler (the dirge of many security books) and heavy on methodology and direction.
If you are interested in determining how to deal with security and risk for your enterprise network, Inside the Security Mind is a good place to start.
While the full title is Inside the Security Mind: Making the Tough Decisions; after reading the book, making the tough security decisions won't be so difficult.
Was this review helpful to you?
5.0 out of 5 stars Inside the Security Mind Review July 16 2003
Format:Paperback
I could not agree more with Stephen Northcutt's Review of Inside the Security Mind. I see this book as a bold and Powerful new approach to thinking about infosec. The rules of security are well thought-out and very effective. Look at a server, a company, a policy, a relationship, and you can evaluate them all through the same series of methodical rules. The language is very eloquent and the style is extremely read-able. I really feel this book should be required reading for anyone wanting to learn Security! The first 1/2 of the book is the best, and the second 1/2 is great for the "practical examples" of how all the peaces fit in the real world works. One big note here: THIS BOOK is NOT for the Tech-Geek looking for a new way to tweak his techy skills. This is book is for those SERIOUS about learning what INFORMATION SECURITY is all about.
Was this review helpful to you?
Want to see more reviews on this item?
Most recent customer reviews
4.0 out of 5 stars A Step Out Of The Trenches
I really enjoyed the first six chapters, especially chapter 3 and 4 and I really feel those 122 pages are worth the price of the book and then some. Read more
Published on April 25 2003 by Stephen Northcutt
4.0 out of 5 stars This is a First
Well, besides the fact that Amazon said it would be "hard cover" and it was actually "soft cover", this was well worth the sacrifice. Its very readable, and I highly recommend it. Read more
Published on April 7 2003 by Tim Jonahan
4.0 out of 5 stars Good
I liked it.... put it along the lines of "Secrets and Lies". Just as interesting, and probably more useful (practical) for most. -just my opinion.
Published on March 28 2003 by Avram Andela
5.0 out of 5 stars Highly recommend
The approach is very nice. The author lays out his concepts and ideology, and then gives real world examples on making decisions and implementing change. Read more
Published on March 27 2003 by Steve
5.0 out of 5 stars Revolutionary :)
This is not a traditional techie "how-to" book; nor does it appear that it was intended to be. Read more
Published on March 26 2003 by John Forge
4.0 out of 5 stars A bit of Fresh Air
I must say I was surprised with this one. If you are looking for just another technical "how-to" book, go somewhere else. This one goes way past that. Read more
Published on March 25 2003 by John M
5.0 out of 5 stars nice :) - Highly Recommended
I just finished "inside the security mind", and I must say I am very very happy with my purchase. Read more
Published on March 3 2003 by Brian Rodgers
Search Customer Reviews
Only search this product's reviews

Look for similar items by category


Feedback