Corporate Espionage
What it is, why it’s happening in your company, what you must do about it
Author: Ira Winkler
ISBN: 0-7615-0840-6
Publisher: Prima Publishing (1997)
365 pages
Price: No longer available new so
search for a good used copy
or check your local library.
Executive summary
This may not qualify as an instruction manual for industrial spies but there’s enough meat on the bones to
point out the very real risks to trade secrets. If your organization’s future relies on its sensitive and valuable
proprietary information, read this book to understand why it is so important to protect them.
Introduction
This was, I believe, Ira Winkler’s first book, published in 1997. It may not have quite the same polish as the later books (Spies Among Us and Zen and the Art of Information Security) but if anything the slight rawness enhances it. It’s very accessible.
Coverage
The eight case studies that form the core of the book are fairly typical penetration test reports. What sets them apart, though, is the way in which Ira describes the penetration step-by-step and then carefully
deconstructs each case to reveal the vulnerabilities exploited.
The earlier sections on risk, value, threat and vulnerability ably cover the basics of information security risk analysis and neatly set the scene for the cases - in fact, they are quite eloquent and reasonably
comprehensive in themselves. If risk analysis is all Greek to you, sit down in a quiet corner to read one of Ira’s books. I’m sure you’ll end up with a better appreciation of the art.
Depth
Although I suspect Ira would resent the comparison, the types of intrusion discussed and the depth of
analysis is about the same as Kevin Mitnick’s books, in other words it is almost entirely non-technical.
Nevertheless, like Kevin, Ira points out just how effective non-technical techniques can be in compromising a typical corporation.
Many of the attack techniques are essentially social engineering, manipulating and deceiving people to get them to do what the attacker wants (normally, to grant them access to a controlled facility or information).
Structure
Corporate Espionage is very similar in style and structure to Ira’s next book, Spies Among Us i.e. first a
section introducing the concepts, then a handful of case studies in the middle, and to finish a short generic section on recommended countermeasures.
Writing style and readability
Ira’s past working for the NSA is a thread common to all his writing. Naturally, we’re never told the true
nature of his previous career which all adds to the aura of mystery and suspense (intentionally, I’m sure) but
his connections with “real spies” and bragging wear a bit thin sometimes, as if he’s trying too hard to
impress the reader with his espionage credentials. Some readers probably enjoy the spy novel feel to Ira’s
writing and, if it gets them to consider information security risks and controls, that’s absolutely fine by me!
Conclusion
Although it is now ten years old and (I believe) no longer in print, Corporate Espionage is still a worthwhile
read if you can find a used copy. The book is entertaining and informative, with the case studies and analysis drawing out some useful lessons for any organization.
|
