Security Planner w/WS: When Hackers Won't Take No for an Answer [Paperback]

Eric Greenberg

Formats

Format: Amazon Price
Kindle Edition: 24.65
Paperback: 25.95

Book Description

28 Jan 2003
  • Shows step-by-step how to complete a customized security improvement plan, including analyzing needs, justifying budgets, and selecting technology, while dramatically reducing time and cost
  • Includes worksheets at every stage for creating a comprehensive security plan meaningful to management and technical staff
  • Uses practical risk management techniques to intelligently assess and manage the network security risks facing your organization
  • Presents the material in a witty and lively style, backed up by solid business planning methods
  • Companion Web site provides all worksheets and the security planning template

Product details

  • Paperback: 432 pages
  • Publisher: John Wiley & Sons (28 Jan 2003)
  • Language: English
  • ISBN-10: 0471211656
  • ISBN-13: 978-0471211655
  • Product Dimensions: 23.6 x 18.9 x 2.4 cm
  • Average Customer Review: 5.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 1,043,056 in Books

Product Description

Review

“…This book is unique in its approach…and in conveying the overall strategy to the reader…” (Managing Risk, Summer 2003)

From the Back Cover

All the worksheets and templates you need to create a complete customized security plan that works for your business

Let's face it: Security is a business problem, not just a technical challenge. Whether hackers simply want to test their skills or steal your data, they can -- and will -- do incalculable damage to your company. You need a solid plan. The good news is that Eric Greenberg has done most of the planning work for you. This isn't just an "I told you so" book. You get hands-on involvement from the start. You'll see your own customized security plan template begin to take shape as you complete the accompanying worksheets. Choose any one of the security plans outlined in this book, and you will be able to protect your data and deter hackers. And by implementing the proven strategies Greenberg details, you can secure your company's competitive edge for the long term.

Backed up by solid business planning methods collected from years of experience, Greenberg:

  • Steps you through a complete customized security improvement plan
  • Provides worksheets at every stage that you can use to create a comprehensive and meaningful security plan
  • Introduces practical risk management techniques to intelligently assess and manage the network security risks and costs facing your organization

The book's companion Web site contains the security planning template and all the worksheets in downloadable Microsoft Word format as well as additional resources to ensure that you have exactly what you need to protect your company.

First Sentence
Security isn't a product, a feature, or anything that we can simply acquire and then implement, confident that it will work now and forever after.

Customer Reviews

Most Helpful Customer Reviews
4 of 4 people found the following review helpful
Format:Paperback
In Mission Critical Security Planner (MCSP), Greenberg advocates an actionable, meaningful security approach that doesn't get hung up on methodology or reliance on abstract standards, like DoD and other common standards.
Greenberg delights in skewering bureaucracies that believe planning and methodology is an end in itself, yet recognizes key business realities facing security advocates and suggests practical approaches to "selling security" within an organization -- an important topic given tight or shrinking budgets.
Greenberg is clearly a security guy and writes with experience and authority -- at times the style is conversational and humorous and at others professorial -- it is a good read for a security-focused text. While providing a strong overview of sound security planning and risk management concepts, MCSP also digs down and provides details where it counts regarding filters, proxies, IDS/VA, configuration management, content management (ActiveX, etc), and so forth yet consistently presents this low-level detail within the framework of an actionable security planning methodology that will be relevant five or even ten years from now. MCSP is anything but a security cookbook of technology discussions gleaned from public sources, although many basic concepts and topics are explained in the book's comprehensive glossary. Instead, the book presents the strengths and weaknesses of various technologies and approaches as they relate to the security improvement process.
MCSP utilizes a sequence of sophisticated worksheets to guide the reader through the security planning process and create a dynamic, actionable security plan -- not a plan that lives on the shelf.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.9 out of 5 stars  9 reviews
5 of 5 people found the following review helpful
5.0 out of 5 stars Awesome high-level book 7 May 2003
By Dr Anton Chuvakin - Published on Amazon.com
Format:Paperback
It is very rare that you'd see a good high-level security book nowadays. There are lots of great "worm-eye view" books with nice detailed descriptions of attacks, defenses, secure configuration options, tools and tricks. However, many of the high-level books resort to quoting some outdated CSI/FBI survey, blabbering about security policy and giving out piles of otherworldly advice on how to "mitigate risks".
This visionary book proves the opposite: you can have a high-level security book, which is not just practical, but actionable. "Mission Critical Security Planner" delivers a portion of the security process, packed into one toolkit. Make no mistake - this book is about planning how to do security, not how to tweak your scanner or configure a firewall. However, planning is indeed a critical (and, as the author points out, often missing) piece of the security conundrum, and the book delivers on that.
An awesome component of the book is a large collection of templates and worksheets on "selling" security measures, planning the implementations, organizing a security team, dealing with various business people and many other occasions. The book has the printed versions while its companion website criticalsecurity.com has the download.
The main part of the book is organized around "security fundamentals", large domains of security (such as authentication, encryption, integrity, privacy, etc), which are used to structure the security planning process, described by the author. For each of the fundamentals, the content is organized in sections: summary, security stack (covering various aspects from physical to application level), life-cycle management (from technology selection to response), business (on dealing with various categories of business people, such as suppliers and customers) and selling security (to execs, managers and staff). All of the above contain various templates.
Among the more fun parts, the section on negotiating with hackers is just exclusive and of the never-seen-before kind. The section on hacker profiling is also of interest, since it seems to originate from the author's experiences (and not from just reading about it in the news). The book also demystifies such elusive notions as "impact analysis" and "security ROI". PKI also has a prominent role in the book. While PKI (as it is defined today) might or might not fly, the book gives a great example of large-scale production implementation, running for many years. Another great feature of the book is the author's "future 10 attacks list" with his predictions on the threat landscape.
Overall, the book seems indispensable to those responsible for securing networks. Security managers and CSOs will likely gain maximum benefits from using it (due to the book's targeting), but other security professionals will benefit as well. Notice that the benefits can be derived from "using" it as opposed to just "reading" it, although even the latter will prove highly enlightening. The "selling security" templates alone are likely worth their weight in gold. The book is well-written and, while not possessing the lively style of some recent security books, will beat some of them hands down in real-world applicability. After all, even if you very well know that IDS is valuable, who will help you to "sell" it to the CIO? This book just might!
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
4 of 4 people found the following review helpful
5.0 out of 5 stars Greenberg has done 1/2 the work for you 8 Mar 2003
By Priscilla Oppenheimer - Published on Amazon.com
Format:Paperback|Verified Purchase
In Mission-Critical Security Planner, Greenberg lays out all the security elements that should concern you and what questions you should ask about them. With this book, half the battle is won because you at least know how to do the planning. You still have to do the planning, but with the worksheets and tips provided in the book, that will be much easier than it used to be.
I read the book twice: once to get an idea of what all the worksheets were about and once to really read them with all the technical and practical details provided by Greenberg.
Greenberg identifies 28 security elements, including 15 fundamental elements, (six of which are core elements), and 13 wrap-up elements. Core elements include things like authorization and access control, authentication, encryption, integrity, nonrepudiation, and privacy. Those may seem obvious, but Greenberg has a lot of useful things to say about them that others haven't said.
Perhaps the most valuable part of the book is all the other elements, which we tend to forget, including addressing and routing (with tips on how to get those right from a security point of view), configuration management, directory services, time services, staff management, legal issues, and so on.
I'd be interested to see some projects get implemented with Greenberg's methods. I think it should work quite well, although due to entropy, laziness, over-worked engineers, and other such factors, I would guess that some of the numerous worksheets will fall by the wayside. But I think Greenberg would be OK with that as long as most of the worksheets are maintained and the company adopts security as a way of thinking.
In summary, this book is definitely worth reading, probably numerous times!
3 of 3 people found the following review helpful
5.0 out of 5 stars Comprehensive & Practical Security Planner 22 Feb 2003
By A Customer - Published on Amazon.com
Format:Paperback
Greenberg advocates an actionable, meaningful security approach that doesn't get hung up on methodology or reliance on abstract standards, like DoD and other common standards. The book skewers bureaucracies that believe planning and methodology is an end in itself, yet recognizes key business realities facing security advocates and suggests practical approaches to "selling security" within an organization -- an important topic given tight or shrinking budgets.
Greenberg is clearly a security guy and writes with experience and authority -- at times the style is conversational and humorous and at others professorial -- it is a good read for a security-focused text. While providing a strong overview of sound security planning and risk management concepts, MCSP also digs down and provides details where it counts regarding filters, proxies, IDS/VA, configuration management, content management (ActiveX, etc), and so forth yet consistently presents this low-level detail within the framework of an actionable security planning methodology that will be relevant five or even ten years from now. MCSP is anything but a security cookbook of technology discussions gleaned from public sources, although many basic concepts and topics are explained in the book's comprehensive glossary. Instead, the book presents the strengths and weaknesses of various technologies and approaches as they relate to the security improvement process.
MCSP utilizes a sequence of sophisticated worksheets to guide the reader through the security planning process and create a dynamic, actionable security plan -- not a plan that lives on the shelf. Using Greenberg's approach there are three components to the Security Plan: Security Stack (physical, network, application, OS), Life-Cycle Stack (technology selection, implementation, operations, incident response), and Business (information, infrastructure, people). Interestingly, you may have noticed that the Security Stack is similar to the OSI model -- this is typical of the rational and logical approach throughout the book. Using the worksheet approach as a guide, the Security Plan is mapped to 28 pre-defined security elements addressing the core security planning challenges of a distributed computing environment. Based on the worksheets, the impact analysis method approach provides a readily understandable plan that reflects the specific business, technical, and lifecycle tradeoffs in your organization.
Greenberg keeps it interesting with many anecdotes illustrating key points and thought-provoking arguments. For example, he advocates an approach that will hold vendors accountable for poor security by providing a quantifiable method for business software users to track security. The final chapter covers strategic security planning with PKI and provides a roadmap for selling an organization on the benefits of PKI when appropriate.
MCSP is an innovative and useful security book. The book provides security staffers and planners with the logical framework and tools they need to create a comprehensive, living, and actionable security plan enabling the organization to shift from a reactive security posture to a more pro-active approach. Highly recommended.
1 of 1 people found the following review helpful
5.0 out of 5 stars When Hackers Won't Take No for an Answer 20 July 2005
By Graham S. Roberts - Published on Amazon.com
Format:Paperback
Excellent reference material has been invaluable to me in the last week and has steered me into making some difficult choices easily.
1 of 1 people found the following review helpful
5.0 out of 5 stars Unique and on the mark 21 Mar 2004
By Mike Tarrani - Published on Amazon.com
Format:Paperback
This book, especially if used in conjunction with the author's web site (see ASIN B0000C7RBX), is one of the most valuable additions to the IT security profession that I've read. My reasons for making this bold statement include:
- The book provides a coherent and focused approach to developing and implementing a security plan. You can find numerous books on writing and implementing policies and procedures, or establishing a security posture, but this is the first book I've read that steps you through the process of conceiving, implementing and keeping alive a viable security plan.
- By separating the process into three distinct domains (referred to as 'stacks') you ensure that your plan encompasses and integrates the technology, process and business elements into a coherent strategy.
- Artifacts in the form of a complete set of worksheets provide a set of tools that give a framework and speed up the planning process.
The planning approach set forth in the book is straightforward and realistic - you're led through the preliminaries, which include conceiving a plan that matches your needs, and selling the plan to sponsors (an often overlooked, but essential activity when fighting for budget). The next step is to perform an impact analysis, and this is where the book shines, because the author focuses on business issues instead of technology. This promotes awareness and goes a long way towards getting buy-in and funding, as well as laying a solid foundation for a long-term security plan. Next the author shows how to select the correct security model and avoid common pitfalls. These lead to building organizational consensus - buy-in from all stakeholders. The difference between this step and the preliminary step of selling to a sponsor and obtaining funding, which is vertical, is that you need to promote the plan horizontally as well. The final steps are to implement and continuously refine the plan.
Of course, the overview above only describes the approach contained within the book. There is much more to commend it, such as clear writing, superb page design that portrays information in graphs, illustrations and tables, and the details the author provides. There is not a single statement or recommendation that is unsupported, and the material is both sensible and accurate.