Book reviews

Review: The Insider

 

The Insider

 

A true story

 

Sometimes security is about keeping an eye on those we trust most ...

 

Author: Dan Verton

ISBN: 1-59526-030-7

Publisher: Llumina Press (2005)

182 pages

Price: ~US$27 from Amazon

 

Executive summary

The Insider is built around an extensive collection of real-life security incidents involving both insiders and outsiders. The book is essentially a collection of in-depth news reports, peppered with a few brief notes from anonymous corporate evaluations of a network traffic analysis tool.

Coverage

Author Dan Verton has systematically collated a lot of information on a good number of corporate espionage incidents. Each one is presented straightforwardly in the style of a typical in-depth news report. We are fed the facts of the case with relatively little analysis or insight other than that arising from the depth of reporting.

In addition, the book incorporates the results of several short assessments conducted by Reconnex Corporation on a number of clients. Reconnex sells a kind of content inspection firewall system that monitors and scans Internet email, Web traffic, Instant Messaging etc. for sensitive data. The author seems consistently amazed that all manner of personal and proprietary data is found to have been passing to and from the Internet in each assessment, but to be honest we don’t learn much of value beyond the first report. The Reconnex material might have been enough to generate a white paper by itself but adds little to the book.

Depth

The book is largely descriptive rather than analytical in nature. In other words, although we learn a lot about what actually happened in each of the cases presented, analysis of the control weaknesses that allowed them to occur is rather limited. It’s left as an exercise for the reader.

Structure

The book is divided into two parts - the first allegedly provides “the insider profile” while the second covers “the insider impact”. The distinction seems more or less pointless given the lack of analysis.

Writing style and readability

If you like reading newspapers, you will enjoy this book. In places it sounds a bit like a police officer’s court report, read aloud from his pocket notebook. The style is factual and easy to follow but some may tire of the constant barrage of facts.

Conclusion

If only the author had collaborated with an information security professional to draw out the risk and control lessons, this would have been a truly worthwhile book. As it is, the stories have a passing interest as a record of security incidents that could perhaps be used as the basis of case studies, but a lot of work is left to the reader’s imagination.



Copyright © 2008 IsecT Ltd. and licensors