or
Sign in to turn on 1-Click ordering.
 
 
More Buying Choices
36 used & new from £11.93
Have one to sell? Sell yours here
 
   
The New School of Information Security
 
 
Share your own customer images
Search inside this book

The New School of Information Security (Hardcover)

by Adam Shostack (Author), Andrew Stewart (Author)
3.0 out of 5 stars  See all reviews (2 customer reviews)
RRP: £21.99
Price: £14.91 & this item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
You Save: £7.08 (32%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In stock.
Dispatched from and sold by Amazon.co.uk. Gift-wrap available.

Only 2 left in stock--order soon (more on the way).

Want guaranteed delivery by Tuesday, November 10? Choose Express delivery at checkout. See Details
27 new from £11.93 9 used from £15.46

Frequently Bought Together

Customers buy this book with Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson

The New School of Information Security + Security Engineering: A Guide to Building Dependable Distributed Systems
Price For Both: £43.44

Show availability and shipping details

Customers Who Bought This Item Also Bought

Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems

by Ross J. Anderson
4.9 out of 5 stars (8)  £28.53
Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt

by Andrew Jaquith
£21.41
Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI

Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI

by Debra S. Herrmann
£75.99
Applied Security Visualization

Applied Security Visualization

by Raffael Marty
£24.27
Schneier on Security

Schneier on Security

by Bruce Schneier
4.7 out of 5 stars (3)  £12.49
Explore similar items

Product details

  • Hardcover: 288 pages
  • Publisher: Addison Wesley; 1 edition (10 April 2008)
  • Language English
  • ISBN-10: 0321502787
  • ISBN-13: 978-0321502780
  • Product Dimensions: 22.9 x 15.5 x 3.3 cm
  • Average Customer Review: 3.0 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon.co.uk Sales Rank: 382,765 in Books (See Bestsellers in Books)

    •  Would you like to update product info or give feedback on images?

  • See Complete Table of Contents

Customers Viewing This Page May Be Interested in These Sponsored Links

  (What is this?)
   School Health & Safety opens new browser window
www.forumpublishing.co.uk  -  Guidance and template documents to help you meet your obligations 
   Computer Forensics opens new browser window
www.cy4or.co.uk/Forensics  -  Computer Forensics, Litigation Support and Electronic Discovery 
   PCI Security Assistance opens new browser window
www.netlib.com  -  Providing Database Encryption to Business and Government Since 1986 
  
 

Product Description

Product Description

<>“It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”

--David Mortman, CSO-in-Residence Echelon One, former CSO Siebel Systems

 

Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.

  • Better evidence for better decision-making
    Why the security data you have doesn’t support effective decision-making--and what to do about it
  • Beyond security “silos”: getting the job done together
    Why it’s so hard to improve security in isolation--and how the entire industry can make it happen and evolve
  • Amateurs study cryptography; professionals study economics
    What IT security leaders can and must learn from other scientific fields
  • A bigger bang for every buck
    How to re-allocate your scarce resources where they’ll do the most good


From the Back Cover

<>“It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”

--David Mortman, CSO-in-Residence Echelon One, former CSO Siebel Systems

 

Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.

  • Better evidence for better decision-making
    Why the security data you have doesn’t support effective decision-making--and what to do about it
  • Beyond security “silos”: getting the job done together
    Why it’s so hard to improve security in isolation--and how the entire industry can make it happen and evolve
  • Amateurs study cryptography; professionals study economics
    What IT security leaders can and must learn from other scientific fields
  • A bigger bang for every buck
    How to re-allocate your scarce resources where they’ll do the most good
See all Product Description
Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Tags Customers Associate with This Product

 (What's this?)
Click on a tag to find related items, discussions, and people.
 
(1)

Your tags: Add your first tag
 
See most popular tags

What Do Customers Ultimately Buy After Viewing This Item?

The New School of Information Security
60% buy the item featured on this page:
The New School of Information Security 3.0 out of 5 stars (2)
£14.91
Security Engineering: A Guide to Building Dependable Distributed Systems
18% buy
Security Engineering: A Guide to Building Dependable Distributed Systems 4.9 out of 5 stars (8)
£28.53
Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers
9% buy
Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers 5.0 out of 5 stars (4)
£19.49
Security Metrics: Replacing Fear, Uncertainty, and Doubt
7% buy
Security Metrics: Replacing Fear, Uncertainty, and Doubt
£21.41
Explore similar items
 

Customer Reviews

2 Reviews
5 star:
 (1)
4 star:    (0)
3 star:    (0)
2 star:    (0)
1 star:
 (1)
 
 
 
 
 
Average Customer Review
3.0 out of 5 stars (2 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most Helpful Customer Reviews

 
3 of 6 people found the following review helpful:
1.0 out of 5 stars Intellectually idle, 8 Jan 2009
By M. Trump "Matthew T" (Manchester, UK) - See all my reviews
(REAL NAME)   
This is a very frustrating book. The authors go on about academic rigour and then simply fail to deliver. They criticise current security practises, but then fail to say what should be done to change them.

Here are a couple of quotes "Opportunities to better understand security by learning from sociology have barely been explored." Then the chapter ends! Surely if you are going to try and create a 'New School' you need to lay out how your new ideas work?

"A second problem is that security policies are typically written in a very clean, simple language that speaks about high-level, theoretical ideas such as "threats" and "risks"."

Well - if you are going to have a pop at current practises then you badly need to provide an example of what you are proposing to use in its place.

In summary, this book reads like a poor undergraduate essay. I cannot recommend it.
Comment Comment (1) | Permalink | Was this review helpful to you? Yes No (Report this)



 
1 of 2 people found the following review helpful:
5.0 out of 5 stars Go back to school!, 20 Mar 2009
By Valentin Bondzio - See all my reviews
(REAL NAME)   
"Schooling, instead of encouraging the asking of questions, too often discourages it." (Madeleine L'Engle)

The New School, in contrast, is all about asking questions, questions that might make you cringe but nevertheless need to be asked and answered. The security industry has to overcome the fog of FUD (Fear, Uncertainty, Doubt) and start to embrace the scientific method, even if it means some security practitioners will lose their status as shamans or some current best practises will be proven insufficient or even futile.

I can only imagine how many CISSP's caught their breath when Shostack and Stewart questioned the heavy reliance of companies on it. Many might consider this blasphemy, and I for one still think that the CISSP is a great certification, but it's those challenging questions that have to be asked, challenge everything, no matter how holy it might be to someone, then give answers, using good metrics and data. The status quo that exists in many heads needs to either proved, or disproved, but not kept up by assumptions and passed from generation to generation. We can do better.

Some minor remarks would be that it was hard to follow in the beginning, the first chapters were a bit tenacious to read, but that might be due to me not being 100% fluent, native English speakers might not have that issue. I also would have liked proper endnote labelling, which in my opinion doesn't hinder the reading flow at all and should be taken for granted in a book that insists on "the academic way". I also didn't like the implication of a "dysfunctional" industry, that description might be going in the right direction but was a bit too harsh for my taste.

For those people who say that this book doesn't deliver, let me set one thing straight: This book is not about answers, it's a book about why we have to question, what we have to ask and how we might be able to get the answers we need. A project that sets out to give us these answers will not be done in a 160 pages or even one book. I sure hope that the authors will follow up with another book, I definitely will keep an eye open for their names in the future.

I have to admit that I would rate this book as a 4.5, and that I was inclined to give only 4 stars because of the above mentioned shortcomings, but due to the other 1 star rating, I have to adjust upward. Even the resulting 3 stars doesn't do the book justice. I really hope it will get the attention it deserves, despite the relatively low amazon.co.uk rating, you should also read the comments on Amazon.com, a habit worth picking up for all books.

I will close with a Chinese proverb:

"He who asks a question is a fool for five minutes; he who does not ask a question remains a fool forever."


P.S.
This book makes a very good primer to "Security Metrics" by Andrew Jaquith
Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)


Share your thoughts with other customers: Create your own review
 
 
 
Only search this product's reviews


Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

   

Listmania!

Create a Listmania! list

Look for similar items by category

Look for similar items by subject























i.e., each product must be in subject 1 AND subject 2 AND ...

Feedback

Ad

Your Recent History

 (What's this?)

After viewing product detail pages or search results, look here to find an easy way to navigate back to pages you are interested in.