This article can also be found in the Premium Editorial Download "Information Security magazine: With SSL VPNs on the offense, will IPSec VPNs eventually be benched?."
Download it now to read this article plus other related content.
439 pages, $49.95
|The Black Book on Corporate Security|
The "little black book" is synonymous with your college roommate's address book and your Rolodex of industry contacts. Larstan Publishing has taken this concept and applied it to information security with The Black Book on Corporate Security, a collection of security management essays on topics ranging from intellectual property protection to identity theft. As a play on the title, the phone numbers and e-mail addresses of the book's 17 authors are also listed, along with numerous vendor and organizational contacts.
Each essay is written by a different author, and the quality varies from easily digestible to barely readable. The essay "Identity-Aware Business Service Management" makes some valid points, but the authors' writing style obscures rather than illuminates their arguments. In contrast, "Preempting Data Warfare: The Art of Comprehensive Vulnerability Management" is well written and makes its points quite plainly. Author Maria Cirino (a VP at VeriSign) makes clear the often murky distinction between vulnerability scanning and true vulnerability management, and blueprints a comprehensive business strategy.
Although the book strives for neutrality, virtually all of its contributors work for vendors. So, it wasn't surprising to see product names pop up; the case studies and the appendix often read like marketing brochures. Also not surprising, rather than approaching individual agnostic authors, Larstan solicited chapter proposals that appealed to corporate PR departments looking to get their executives (and their products) in print.
The book's biggest flaw, though, is its complete lack of focus. Put together, these essays cover a lot of ground, too much for any single volume to handle. No chapter contains sufficient information to start implementing a new process or policy, and further research will be necessary to produce actionable plans.
The inclusion of a bibliography or a reading list for each chapter would have increased the book's value.
In the end, The Black Book on Corporate Security has some interesting nuggets of insight, but little else. This could be the only "little black book" you won't want to keep.
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.
Phishing: Cutting the Identity Theft Line
By Rachael Lininger and Russell Dean Vines
John Wiley & Sons
sendmail Milters: A Guide for Fighting Spam
By Bryan Costales and Marcia Flynt
Exploiting Software: How to Break Code
By Greg Hoglund and Gary McGraw
Hacking for Dummies
By Kevin Beaver
Intrusion Detection & Prevention
By Carl Endorf, Eugene Schultz and Jim Mellander
McGraw-Hill Osborne Media
Know Your Enemy: Learning About Security Threats
By Lance Spitzner
This was first published in May 2005