Free Book Online
Book The New School of Information Security

Pdf

The New School of Information Security

2.4 (1067)

Log in to rate this item

    Available in PDF - DJVU Format | The New School of Information Security.pdf | Language: ENGLISH
    Adam Shostack(Author) Andrew Stewart(Author)

    Book details


It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”

--David Mortman, CSO-in-Residence Echelon One, former CSO Siebel Systems

 

Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.

  • Better evidence for better decision-making
    Why the security data you have doesn’t support effective decision-making--and what to do about it
  • Beyond security “silos”: getting the job done together
    Why it’s so hard to improve security in isolation--and how the entire industry can make it happen and evolve
  • Amateurs study cryptography; professionals study economics
    What IT security leaders can and must learn from other scientific fields
  • A bigger bang for every buck
    How to re-allocate your scarce resources where they’ll do the most good

“It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”

4.2 (5233)
  • Pdf

*An electronic version of a printed book that can be read on a computer or handheld device designed specifically for this purpose.

Formats for this Ebook

PDF
Required Software Any PDF Reader, Apple Preview
Supported Devices Windows PC/PocketPC, Mac OS, Linux OS, Apple iPhone/iPod Touch.
# of Devices Unlimited
Flowing Text / Pages Pages
Printable? Yes

Book details

Read online or download a free book: The New School of Information Security

 

Review Text

  • By Valentin Bondzio on 20 March 2009

    "Schooling, instead of encouraging the asking of questions, too often discourages it." (Madeleine L'Engle)The New School, in contrast, is all about asking questions, questions that might make you cringe but nevertheless need to be asked and answered. The security industry has to overcome the fog of FUD (Fear, Uncertainty, Doubt) and start to embrace the scientific method, even if it means some security practitioners will lose their status as shamans or some current best practises will be proven insufficient or even futile.I can only imagine how many CISSP's caught their breath when Shostack and Stewart questioned the heavy reliance of companies on it. Many might consider this blasphemy, and I for one still think that the CISSP is a great certification, but it's those challenging questions that have to be asked, challenge everything, no matter how holy it might be to someone, then give answers, using good metrics and data. The status quo that exists in many heads needs to either proved, or disproved, but not kept up by assumptions and passed from generation to generation. We can do better.Some minor remarks would be that it was hard to follow in the beginning, the first chapters were a bit tenacious to read, but that might be due to me not being 100% fluent, native English speakers might not have that issue. I also would have liked proper endnote labelling, which in my opinion doesn't hinder the reading flow at all and should be taken for granted in a book that insists on "the academic way". I also didn't like the implication of a "dysfunctional" industry, that description might be going in the right direction but was a bit too harsh for my taste.For those people who say that this book doesn't deliver, let me set one thing straight: This book is not about answers, it's a book about why we have to question, what we have to ask and how we might be able to get the answers we need. A project that sets out to give us these answers will not be done in a 160 pages or even one book. I sure hope that the authors will follow up with another book, I definitely will keep an eye open for their names in the future.I have to admit that I would rate this book as a 4.5, and that I was inclined to give only 4 stars because of the above mentioned shortcomings, but due to the other 1 star rating, I have to adjust upward. Even the resulting 3 stars doesn't do the book justice. I really hope it will get the attention it deserves, despite the relatively low amazon.co.uk rating, you should also read the comments on Amazon.com, a habit worth picking up for all books.I will close with a Chinese proverb:"He who asks a question is a fool for five minutes; he who does not ask a question remains a fool forever."P.S.This book makes a very good primer to "Security Metrics" by Andrew Jaquith

  • By InfoSecMatt on 8 January 2009

    This is a very frustrating book. The authors go on about academic rigour and then simply fail to deliver. They criticise current security practises, but then fail to say what should be done to change them.Here are a couple of quotes "Opportunities to better understand security by learning from sociology have barely been explored." Then the chapter ends! Surely if you are going to try and create a 'New School' you need to lay out how your new ideas work?"A second problem is that security policies are typically written in a very clean, simple language that speaks about high-level, theoretical ideas such as "threats" and "risks"."Well - if you are going to have a pop at current practises then you badly need to provide an example of what you are proposing to use in its place.In summary, this book reads like a poor undergraduate essay. I cannot recommend it.


  • Name:
    Email*:
    The message text*: