
Spies Among Us
How to stop the spies, terrorists, hackers and criminals you don’t even know you encounter every day
Author: Ira Winkler
Published by Wiley, 2005
ISBN 0-7645-8468-5
~US$18 from Amazon
Summary
Read this book to appreciate what is (or should be) keeping your Information Security Manager awake at nights, and to understand what he/she probably wants (or ought) to do about it.
About the book’s author
Ira learnt his trade working for the US National Security Agency. His spooky background provides a somewhat disturbing undercurrent throughout the book but this is neither a James Bond novel, a spy’s training manual nor a shock horror exposé of the murky world of government-backed espionage. It is in fact a very broad exposition highlighting the urgent need for all organizations to implement suitable information security controls.
Content
Chapter five “How the spies really get you” should be compulsory reading for all managers. In less than fifty pages, Ira explains how virtually anyone in or associated with the average organization may represent a vulnerability, some more than others. I challenge any experienced manager to read this chapter without thinking about probable weaknesses in their own organization, perhaps even in their own departments.
If chapter five piques your interest, I guarantee you will enjoy the rest of the book. The previous four chapters set the scene, explaining that information security is far more than simply a matter of implementing system/network access controls. The next six chapters (part II of the book) present compelling case studies built (we are told) around genuine real-world situations. Ira is known for describing attack methods quite explicitly, meaning that having read the case studies, you will be in a similar position to those who actually committed these attacks. Each case concludes with a description of the vulnerabilities exploited.
The final two chapters (part III) attempt to redress the balance by explaining how to address the risks presented in the rest of the book and so ‘stop the spies’. Given the broad nature of the threats and vulnerabilities described in parts I and II, it would be unrealistic to expect to get a complete set of answers in just two short chapters … but that would miss the whole point of the book. Part III gives an overview of the main elements of most information security programs. In one, two or occasionally three paragraphs, Ira explains what the average Information Security Manager actually means by concepts such as single sign-on and defense in depth.
Conclusion
This book should provide a wake-up call to complacent managers who feel their organizations are somehow immune to industrial espionage, social engineers and even (shock horror) terrorist infiltration.
We have reviewed Ira’s previous book Corporate Espionage and subsequent book Zen and the Art of Information Security elsewhere on this website, which indicates that overall we found his writing enjoyable and worth our time to read and review.