
Inside the Security Mind: Making the Tough Decisions Paperback – Feb 20 2003

4.5 out of 5 stars 14 customer reviews

Product Details

  • Paperback: 336 pages
  • Publisher: Prentice Hall; 1 edition (Feb. 20 2003)
  • Language: English
  • ISBN-10: 0131118293
  • ISBN-13: 978-0131118294
  • Product Dimensions: 17.5 x 2 x 23.1 cm
  • Shipping Weight: 499 g
  • Average Customer Review: 4.5 out of 5 stars 14 customer reviews
  • Amazon Bestsellers Rank: #191,201 in Books

Product Description

From the Inside Flap

Prologue: In the Beginning...

It has been nine years since I first took up the sword to ward off a malicious two-headed hacker that was invading my lands. Over the past nine years I have witnessed a great deal of carnage and gore in the information security world. Securing everything from governments, Fortune 500 companies, health-care giants, medical research institutes, and even the good, old mom-and-pop shops has led me through a long maze of questioning and discovering. I have lived a cycle of life starting from the intrigued beginner, to the sworn hands-on technologist, to the enthused architect, to the senior advisor, and finally, the simple philosopher.

Like many philosophers, I cannot claim the ideas and practices in my book to be my own. They have simply been the inspiration of security-related events and studies that have passed before me over the years. Eventually, the mind begins to notice things, patterns to what otherwise seems like simple madness. I began to realize what an incredible tool the recognition of these patterns presented; weapons of defense that can be wielded by everyone, not just by the security experts and the technically elite.

Here, I invite you to use these same weapons to protect your own homeland. The practices contained in this book have been proven time and again in direct combat with the enemy. The companies that have unfixed their eye from the size of their cannons and focused instead on the principles presented here have achieved security without a great deal of effort. For you see, the determining factors in a successful battle are not simply the technologies used, but the planning, strategizing, and decision making that take place before, during, and after the battle is complete.

Today, too many battles have been lost while following the commonly adopted guns and swords of information security. Too much blood has been spilled and too many retreats have been sounded in the chambers of our corporate lords. The first line of this book states, "The time has come for a different way of thinking about information security." What we are about to look into is not really "new" at all, but time-honored practices of the ages, simply presented in a new and effective way.

Who Should Read this Book?

Inside the Security Mind was written in such a manner that anyone with the most basic IT knowledge will be able to read it. This was done with great care as I truly believe that everyone associated with technology within an organization should read this book. The chapters build upon constant and universally applicable rules of security that everyone should know and practice. Rather than having to spend years in study or practicing in the industry, however, the reader has only to grasp the concepts presented here. That is the goal of this book, to provide the reader with tools to think like a security expert and to correct the many flaws that currently plague the information security world. As such, I highly encourage the following people to read this book:

  • IT Managers. This book is designed to help the reader make good, effective, and consistent security decisions without a great deal of study. Today, security should be a concern for all IT-related managers and directors, and for many who are not directly related to IT. Even if you are not responsible for any specific security practice, it is important to protect your department, facility, or corporation from the many security and availability threats in the world. The majority of successful security attacks over the past few years could have been prevented if the local staff only had been aware of security. When the concepts contained herein are understood and practiced, you will become "security aware" without having to take a class or learn how to install a firewall. I highly encourage those in charge of any aspect of IT to read this book and recommend it to your IT employees.
  • Technical Gurus. As has become obvious over the years, every piece of information technology is in need of security focus. It is impossible to implement a server, router, application, VPN, or wireless extension without affecting the security of the rest of the organization. As such, anyone dealing with technology should have security awareness while performing their daily duties. This book is designed to create a high degree of such awareness and provide tools and techniques that can be applied to every type of technology, whether designing, developing, or implementing it. In the final sections, we will explore several technologies that require the most security care, and we will discuss how to safely implement them. Going far beyond this, however, the guidelines given throughout the book can and should be applied to all technologies. After reading this book, the next time you hook up a router, install a server, or bring up a new WAN link, you will know where to look for the security implications and how they should be addressed, regardless of the specific technology.
  • Up-and-Coming Security Practitioners. The concepts presented in this book represent the heart and soul of information security. Anyone desiring to be a security professional should become thoroughly familiar with them. So put down that firewall manual, take a break from configuring the IDS sensor, and venture to read what security is all about. This book is probably the quickest way to advance to the next level in your security abilities.
  • Seasoned Professional Security Practitioners. This will be a great book for building on concepts you probably already have in your head. I have found it of great use to have the concepts that are normally flitting about in the back of the mind, laid out in plain sight. Beyond this, Inside the Security Mind provides a great structure for you to build security practices, and is quite helpful in conveying security concepts to your managers, directors, employees, and clients.

How to Read this Book

As you have no doubt concluded, this is probably not going to be your everyday IT reading experience. The style of this book was not adopted just to be cute and friendly, but rather to set the proper mood. In a moment, you will turn to Chapter 1, and you will not find a formal textbook on information security, but a true-to-life guide on surviving in the IT industry. This book requires only that the reader proceed with an open mind and an expectation of something pleasantly different. I would not be surprised if there are sections within this book that contradict the practices you have read or seen in the past, and perhaps, at the conclusion of the book, we will all agree on why.

The book flows linearly with each concept building upon the concepts presented before it. In the beginning, we will cover The Virtues of Security, basic understandings of how security should be embraced within an organization. We will then build upon those virtues to derive The Eight Rules of Security, practical concepts that can be easily applied in just about every situation. Next, you will find higher concepts that build upon the rules, and then, finally, a plethora of practical applications where all of this information is synthesized into real-world uses.

As you can probably guess, this is not a book with which one should skip back and forth through the pages searching for a specific topic. In order to fully understand the recommendations on protecting your VPNs, for example, you must first understand the virtues, rules, and concepts that the recommendation has been built upon. As such, I would highly recommend reading Inside the Security Mind in its entirety, even the sections that may not seem to directly apply to your environment. Sections within this book that deal with specific technologies actually apply universally and will often yield information to help apply the same concepts elsewhere.

This brings me to my next point. When reading this book it is crucial to not get too sidetracked with any specific technologies mentioned. While we will certainly delve into specific areas to help hone in the concepts, all sections are built upon the same reasoning, understanding, and philosophy. Thus, while I am saying "a server", it is also applicable to a router, room, application, network, and employee. Our goal here is far more than simply implementing a firewall and monitoring our intrusion detection system.

Making the Tough Decisions

The main goal of this book is to arm you with the ability to make good security decisions in all situations either simple or complex. Because the human thought process is a vastly complex beast, I have attempted to isolate the major points that should always flash through the mind when making a decision. After we have journeyed through the virtues, rules, and higher practices, you will find a short chapter describing how to use this information to make a good security decision. This section is a synthesis of everything that came before it, and is a good example of how one should think with a security mind. If you follow this section with an open mind, you may find that all of your security problems follow a similar flow. You will surely notice that some of the comments I make do not apply in every situation, but the heart of the process is extremely effective in recognizing and solving security problems.

Beginning at the End

As a final thought before venturing on I believe it would be helpful to understand the ultimate purpose of this reading. So, if I may, I invite you to take a glimpse at the conclusion that it may stay in your mind during the gap between page turns.

"To date, security has been a goal unachieved by many organizations. For some, information security appears to be a large, untamable beast that they simply hope will not bite them. As we have seen, though, security is not a monster, but rather a series of interrelated core concepts surrounded by an infinite number of possibilities. By taking our eyes off the infinite possibilities and focusing on the core concepts presented in this book, security becomes a much easier matter to comprehend and deal with. Placing proper focus on daily practices allows organizations to break away from the traditional security nightmares and makes security a natural extension of everyday actions."

"When an organization makes decisions using a developed security mind, it separates itself from the struggles and costs commonly associated with information security. In this infinitely dynamic world of IT, practicing such higher principles of security is the only chance we have to defend ourselves against enemies. If organizations continue to embrace new security technologies without developing a higher understanding of security, the enemies will simply be required to develop new and more clever technologies with which to attack us. However, when organizations begin to develop a security mind, they will begin to transcend such common "thrust and parry tactics," and through these efforts, emerge from the war victorious."

From the Back Cover

"This is a really good book ... it spells out the motherhood and apple pie of information security in a highly readable way."

—Warwick Ford, CTO, VeriSign, Inc.

"An excellent security read! Breaks down a complex concept into a simple and easy-to-understand concept."

—Vivek Shivananda, President

  • Redefine your organization's information security
  • Learn to think and act like a top security guru!
  • Understand the founding principles of security itself and make better decisions
  • Make your security solutions more effective, easily manageable, and less costly!

Make smarter, more informed security decisions for your company

Organizations today commit ever-increasing resources to information security, but are scarcely more secure than they were four or five years ago! By treating information security like an ordinary technological practice—that is, by throwing money, a handful of the latest technologies, and a lineup of gurus at the problem—they invariably wind up with expensive, but deeply flawed, solutions. The only way out of this trap is to change one's way of thinking about security: to grasp the reasoning, philosophy, and logic that underlie all successful security efforts.

In Inside the Security Mind: Making the Tough Decisions, security expert Kevin Day teaches you how to approach information security the way the top gurus do—as an art, rather than a collection of technologies. By applying this discipline, your solutions will be more secure and less burdensome in time, expense, and effort. The first part of the book explains the practice of breaking security decisions down into a set of simple rules. These rules may then be applied to make solid security decisions in almost any environment. In the second part, Day uses a series of practical examples to illustrate exactly how the discipline works in practice. Additional material covers:

  • Designing an enterprise security plan, including perimeter/firewall and internal defenses, application, system, and hardware security
  • Ongoing security measures—recurring audits, vulnerability maintenance, logging and monitoring, and incident response, plus risk assessment
  • Choosing between open source and proprietary solutions; and wired, wireless, and virtual private networks

This book is essential reading for anyone working to keep information secure. Technical and non-technical IT professionals alike can apply Day's concepts and strategies to become security gurus, while seasoned practitioners will benefit from the unique and effective presentation of the essential security practices.


Customer Reviews

4.5 out of 5 stars

Top Customer Reviews

Format: Paperback
Inside the Security Mind:
Making the Tough Decisions
Kevin Day
Prentice Hall 2003
ISBN 0-13-111829-3
Inside the Security Mind is an easy read geared for the novice as well as the seasoned pro. It starts with the basics and develops a good path to higher security concepts.
Well written with the focus on developing a good security program and implementing training, Inside the Security Mind will guide you through the steps necessary to allow you to define your security goals and policies. Inside the Security Mind was written with the premise in mind, best defined on page 283, which states:
"the evolution of security will not come through technology, but through awareness."
This book is great for helping to develop your own security and training policies and programs, including appendices complete with outlines and web resources to help set up basic computer security training classes within any organization and keep current with ongoing developments. Inside the Security Mind has comprehensive examples and comparisons throughout the text demonstrating how to define security guidelines and setting rules by using risk and threat tables.
Written in simple layman's terms Inside the Security Mind starts with an overview of the realities of computer security including the positive and negative risks and covers subjects such as:

Good guys and bad guys: who really is a hacker and who is not. The 4 types of common hackers, who they are, what they are usually targeting and the most common exploits used for attack.
Allows you to assess your necessary considerations, efforts, focus and education required to define your security policies and procedures.
Format: Paperback
"Inside the Security Mind" is a quality high-level security book. The book has some nice elements, not found elsewhere. While the content can be found in many other sources, the book excels in material organization. Four virtues of security and eight rules of security provide great summary for those who know the material and represent a great pedagogical approach to it for those who don't. Rules of least privilege, of trust, of change, of separation, of the weakest link, etc. might sound like simple manifestations of common sense, but are crucial for understanding and implementing security measures.
The book also shares interesting insight on making security decisions using the above eight rules, such as how to estimate risks and design a security architecture. Another interesting topic is the material on building a security team, selecting staff, interviewing. It has a somewhat balanced analysis on hiring hackers, outsourcing security and other "hot" topics in security community.
Among the book's drawbacks is that some "analysis" of hackers looks slightly naïve and obtained from books, rather than the real world. The "practical" section serves as illustration of the rules, rather than a complete HOWTO guide.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Format: Paperback
If you are looking for a straight to the point security book, Inside the Security Mind makes for a very good read.
Day takes a holistic view of network security and uses that methodology to forge a system for approaching computer security and risk.
Inside the Security Mind: Making the Tough Decisions takes a high level approach to security. If you are looking for details on how to secure Active Directory or similar, this is not the book. But if you are looking to find out how to determine the risk of deploying Active Directory or similar technology in a large enterprise, Inside the Security Mind shows the way in which to approach that endeavor.
Overall, Inside the Security Mind is a very readable reference. It is light on acronyms, fluff and filler (the dirge of many security books) and heavy on methodology and direction.
If you are interested in determining how to deal with security and risk for your enterprise network, Inside the Security Mind is a good place to start.
While the full title is Inside the Security Mind: Making the Tough Decisions; after reading the book, making the tough security decisions won't be so difficult.
Format: Paperback
I really enjoyed the first six chapters, especially chapters 3 and 4, and I really feel those 122 pages are worth the price of the book and then some. After chapter 6, Inside the Security Mind morphs into yet another everything-you-already-know-about-information-security book.
There is treasure, rare treasure in the front of the book. Kevin Day spares us a review of risk management and TCP and instead lays out the information battlescape better than anyone I have seen in a long time. The only other person to shed light on this concept was Dorothy Denning in her classic, Information Warfare & Security. But where Dorothy, while comprehensive, was a bit boring with list after list, Kevin Day takes Inside the Security Mind in an entirely different direction.
His words are like a painter with bold brush strokes; he outlines information security in a way that forces even the most hardened techie to stop and rethink the world we live in. When was the last time when you heard about the four virtues of information security? When was the last time you read about virtue for that matter? Something about the philosophical approach of the first six chapters of the book reminds me of The 48 Laws of Power by Robert Greene, but where Power is amoral and more than a bit dark and frightening, Security Mind grabs the high ground and doesn't let go.
Every security manager and technical administrator can benefit from chapter 4, the eight rules of security. Yes we each knew that information at one time, but are we applying those rules all the time? Kevin outlines the concepts and he has me thinking about my data center architecture and some of the design choices we have made recently.
My advice is to read chapters 3 and 4 at least three times.