The Art of Deception: Controlling the Human Element of Security (Hardcover)

Reading this book, you will quickly come to realize that Mitnick's toolbox is every bit as effective as the hacking and cracking technology ... and as you read further, it may dawn on you just how hard it is to counter the social engineering attack. After all, much as you might like to, you can't simply plug in a new program to security-patch your employees!

Mitnick's suggested countermeasures in section 4 of the book are fairly straightforward (a wide-ranging security awareness program and a decent set of policies) but implementing them effectively and persuading employees to pay attention requires those very social engineering skills described in sections 1-3.

I'm left with the distinct impression that Mitnick is teasing us by describing a few simple deceptions whilst keeping the best to himself. But think for a moment about the success of the "419" advance fee scams. Otherwise sane, intelligent individuals are evidently being drawn into parting with their hard-earned cash on the basis of these crude deceptions. The implications are truly frightening.

My bottom line: take this book on holiday with you. Once you start, you will not want to put it down and you can reflect on it at the bar. Free drinks anyone?

The book is full of entertaining little stories about how 'social engineers' are able to obtain sensitive information, just by 'asking for it', along with explainations of the techniques used, why it worked, and how you can prevent something similar happening to you.

Given the content, and the quality of the book, it is definitely worth the money. Just dont be dissapointed if you were looking to be able to go and do it yourself.

This statement is not meant to be critical of either the book or of IT\business managers. It is a potential strength of this book. It should have a wide appeal as it is not filled with too much technical detail, and as such could potentially be the catalyst for gaining\increasing management "buy-in" to raising security awareness in an interesting way.

Mitnik's book outlines the key concepts of the most common forms of social engineering attacks and makes the point (several times in fact) that the weakest security link is people and process and not technology. A common theme communicated by many IT security writers and professionals alike.

This is the strength of the book, not as a technical resource or a detailed review of historic attacks and countermeasures, but as an easy to read eye-opener. It is fun to read and leaves the reader with a slightly uncomfortable view of the world, but it does make you think the next time someone asks you one of those seemingly innocent questions.

The most valuable sections are the closing chapters, these contain some good guidelines and ideas for policies, training and awareness raising.

Definitely worth a read, I enjoyed it.