
Inside the Security Mind: Making the Tough Decisions
By Kevin Day
Publisher: Prentice Hall PTR
Pub Date: February 20, 2003
ISBN: 0-13-111829-3
Pages: 336

"This is a really good book ... it spells out the motherhood and apple pie of information security in a highly readable way."
—Warwick Ford, CTO, VeriSign, Inc.

"An excellent security read! Breaks down a complex concept into a simple and easy-to-understand concept."
—Vivek Shivananda, President

Organizations today commit ever-increasing resources to information security, but are scarcely more secure than they were four or five years ago! By treating information security like an ordinary technological practice—that is, by throwing money, a handful of the latest technologies, and a lineup of gurus at the problem—they invariably wind up with expensive, but deeply flawed, solutions. The only way out of this trap is to change one's way of thinking about security: to grasp the reasoning, philosophy, and logic that underlie all successful security efforts.

In Inside the Security Mind: Making the Tough Decisions, security expert Kevin Day teaches you how to approach information security the way the top gurus do—as an art, rather than a collection of technologies. By applying this discipline, your solutions will be more secure and less burdensome in time, expense, and effort. The first part of the book explains the practice of breaking security decisions down into a set of simple rules. These rules may then be applied to make solid security decisions in almost any environment. In the second part, Day uses a series of practical examples to illustrate exactly how the discipline works in practice. Additional material covers:

  • Designing an enterprise security plan, including perimeter/firewall and internal defenses, and application, system, and hardware security

  • Ongoing security measures—recurring audits, vulnerability maintenance, logging and monitoring, and incident response, plus risk assessment

  • Choosing between open source and proprietary solutions, and between wired, wireless, and virtual private networks

This book is essential reading for anyone working to keep information secure. Technical and non-technical IT professionals alike can apply Day's concepts and strategies to become security gurus, while seasoned practitioners will benefit from the unique and effective presentation of the essential security practices.

Table of Contents
   About Prentice Hall Professional Technical Reference
      In the Beginning…
      To the Artists
      To the Peer Reviewers
      Special Thanks to:
    Chapter 1.  Introduction
      The Security Mind
      Where Do We Start?
      Where Does It End?
    Chapter 2.  A New Look at Information Security
      Security as an Art Form
      What We Know About Security
      Understanding the Fear Factor
      How to Successfully Implement and Manage Security
    Chapter 3.  The Four Virtues of Security
      Introduction to the Virtues
      The Virtue of Daily Consideration
      The Virtue of Community Effort
      The Virtue of Higher Focus
      The Virtue of Education
      Using These Virtues
    Chapter 4.  The Eight Rules of Security (Components of All Security Decisions)
      Introduction to the Rules
      Rule of Least Privilege
      Rule of Change
      Rule of Trust
      Rule of the Weakest Link
      Rule of Separation
      Rule of the Three-Fold Process
      Rule of Preventative Action (Proactive Security)
      Rule of Immediate and Proper Response
      Incorporating the Rules
    Chapter 5.  Developing a Higher Security Mind
      The Art of Higher Security
      Thinking in Zones
      Creating Chokepoints
      Layering Security
      Working in Stillness
      Understanding Relational Security
      Understanding Secretless Security
      Dividing Responsibilities
      Failing Securely
    Chapter 6.  Making Security Decisions
      Using the Rules to Make a Decision
      The Decision-Making Process
      Example Decision
    Chapter 7.  Know Thy Enemy and Know Thyself
      Understanding the Modern Hacker
      Where Modern Vulnerabilities Exist
      Modern Targets
      Modern Exploits
      Neglecting the Rules: A Hacker's Tale
      Creating Your Own Security Profile
      Becoming Invisible to Your Enemies
    Chapter 8.  Practical Security Assessments
      The Importance of a Security Audit
      Understanding Risks and Threats
      The Traditional Security Assessment Model
      The Relational Security Assessment Model
      Relational Security Assessment Model: Risks
      Relational Security Assessment Model: Controls
      Relational Security Assessment Model: Tactical Audit Process
      Analytical Audit Measures
      Additional Audit Considerations
    Chapter 9.  The Security Staff
      Building a Successful Security Team
      Bringing in Security Consultants
      Outsourcing Security Maintenance
    Chapter 10.  Modern Considerations
      Using Standard Defenses
      Open Source vs. Closed Source Security
      Wireless Networks
      Virtual Private Networking
    Chapter 11.  The Rules in Practice
      Practicing the Rules
      Perimeter Defenses
      Internal Defenses
      Physical Defenses
      Direct Object Defenses
      Outbound Internet Access
      Logging and Monitoring
      Handling Authentication
    Chapter 12.  Going Forward
      The Future of Information Security
   Appendix A.  Tips on Keeping Up-to-Date
      Resources for Staying Informed About Important Security Issues
      Resources for Finding Information on New Vulnerabilities, Threats, and Countermeasures
   Appendix B.  Ideas for Training
      25-Minute Basic Security Awareness Class
      30-Minute Internet Security for End-Users Class
   Appendix C.  Additional Recommended Audit Practices
      Recommended Desktop/Workstation Auditing Tasks
      Recommended Perimeter Auditing Tasks
      Recommended Internal Auditing Tasks
      Recommended Physical Auditing Tasks
      Recommended Controls for Risk Control Policies
   Appendix D.  Recommended Reading
   Appendix E.  The Hidden Statistics of Information Security
      Looking Up the Crime Rate
      The Hidden Statistics
      A Closing Thought on Statistics