
Spies Among Us
How to stop the spies, terrorists, hackers and criminals you don’t even know you encounter every day
Author: Ira Winkler
Published by Wiley, 2005
ISBN 0-7645-8468-5
~US$18 from Amazon
Summary
Read this book to appreciate what is (or should be) keeping your Information Security Manager awake at night, and to understand what he/she probably wants (or ought) to do about it.
About the book’s author
Ira learnt his trade working for the US National Security Agency. His spooky background provides a somewhat disturbing undercurrent throughout the book, but this is neither a James Bond novel, a spy’s training manual nor a shock horror exposé of the murky world of government-backed espionage. It is in fact a very broad exposition highlighting the urgent need for all organizations to implement suitable information security controls.
Content
Chapter five, “How the spies really get you”, should be compulsory reading for all managers. In less than fifty pages, Ira explains how virtually anyone in or associated with the average organization may represent a vulnerability, some more than others. I challenge any experienced manager to read this chapter without thinking about probable weaknesses in their own organization, perhaps even in their own departments.
If chapter five piques your interest, I guarantee you will enjoy the rest of the book. The previous four chapters set the scene, explaining that information security is far more than simply a matter of implementing system/network access controls. The next six chapters (part II of the book) present compelling case studies built (we are told) around genuine real-world situations. Ira is known for describing attack methods quite explicitly, meaning that having read the case studies, you will be in a similar position to those who actually committed these attacks. Each case concludes with a description of the vulnerabilities exploited.
The final two chapters (part III) attempt to redress the balance by explaining how to address the risks presented in the rest of the book and so ‘stop the spies’. Given the broad nature of the threats and vulnerabilities described in parts I and II, it would be unrealistic to expect to get a complete set of answers in just two short chapters … but that would miss the whole point of the book. Part III gives an overview of the main elements of most information security programs. In one, two or occasionally three paragraphs, Ira explains what the average Information Security Manager actually means by concepts such as single sign-on and defense in depth.
Conclusion
This book should provide a wake-up call to complacent managers who feel their organizations are somehow immune to industrial espionage, social engineers and even (shock horror) terrorist infiltration.
We have reviewed Ira’s previous book Corporate Espionage and subsequent book Zen and the Art of Information Security elsewhere on this website, which indicates that overall we found his writing enjoyable and worth our time to read and review.