The New School of Information Security and over 400,000 other books are available for Amazon Kindle – Amazon’s new wireless reading device. Learn more

 

or
Sign in to turn on 1-Click ordering.
More Buying Choices
26 used & new from £12.80
Have one to sell? Sell yours here
The New School of Information Security
 
 
Share your own customer images
Search inside this book
Start reading The New School of Information Security on your Kindle in under a minute.

Don t have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

The New School of Information Security [Hardcover]

Adam Shostack (Author), Andrew Stewart (Author)
3.0 out of 5 stars  See all reviews (2 customer reviews)
RRP: £21.99
Price: £18.69 & this item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
You Save: £3.30 (15%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In stock.
Dispatched from and sold by Amazon.co.uk. Gift-wrap available.
Only 2 left in stock--order soon (more on the way).
Want guaranteed delivery by Thursday, September 9? Choose Express delivery at checkout. See Details
22 new from £12.80 4 used from £15.98

Formats

 Amazon Price New from Used from
Kindle Edition £12.85   -- --
Hardcover £18.69   £12.80 £15.98

Frequently Bought Together

The New School of Information Security + Security Metrics: Replacing Fear, Uncertainty, and Doubt + Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI
Price For All Three: £132.47

Show availability and delivery details

Buy the selected items together

Customers Who Bought This Item Also Bought

Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt

by Andrew Jaquith
£33.99
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems

by Ross J. Anderson
4.9 out of 5 stars (8)  £26.96
Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers

Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers

by David Lacey
5.0 out of 5 stars (4)  £17.43
Schneier on Security

Schneier on Security

by Bruce Schneier
4.7 out of 5 stars (3)  £12.20
Applied Security Visualization

Applied Security Visualization

by Raffael Marty
£30.39
Explore similar items

Product details

  • Hardcover: 288 pages
  • Publisher: Addison Wesley; 1 edition (26 Mar 2008)
  • Language English
  • ISBN-10: 0321502787
  • ISBN-13: 978-0321502780
  • Product Dimensions: 22.9 x 15.5 x 3.3 cm
  • Average Customer Review: 3.0 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon Bestsellers Rank: 523,331 in Books (See Top 100 in Books)

    •  Would you like to update product info or give feedback on images?

  • See Complete Table of Contents

More About the Author

Adam Shostack
Discover books, learn about writers, and more.

Visit Amazon's Adam Shostack Page

Customers Viewing This Page May Be Interested in These Sponsored Links

  (What is this?)
     School Health & Safety opens new browser window
  ForumBusinessMedia.co.uk   -   Guidance and template documents to help you meet your obligations
     Network Security Monitor opens new browser window
  www.manageengine.com/netflow   -   Continuous Security Monitoring and Bandwidth Analysis. Free Edition!
     IBM IT Data Security opens new browser window
  IBM.com/uk/IT_Security_Solutions   -   Enhance your IT Security with IBM Information security solutions.

Product Description

Product Description

<>“It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”

--David Mortman, CSO-in-Residence Echelon One, former CSO Siebel Systems

 

Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.

  • Better evidence for better decision-making
    Why the security data you have doesn’t support effective decision-making--and what to do about it
  • Beyond security “silos”: getting the job done together
    Why it’s so hard to improve security in isolation--and how the entire industry can make it happen and evolve
  • Amateurs study cryptography; professionals study economics
    What IT security leaders can and must learn from other scientific fields
  • A bigger bang for every buck
    How to re-allocate your scarce resources where they’ll do the most good

From the Back Cover

<>“It is about time that a book like The New School came along. The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.”

--David Mortman, CSO-in-Residence Echelon One, former CSO Siebel Systems

 

Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.

  • Better evidence for better decision-making
    Why the security data you have doesn’t support effective decision-making--and what to do about it
  • Beyond security “silos”: getting the job done together
    Why it’s so hard to improve security in isolation--and how the entire industry can make it happen and evolve
  • Amateurs study cryptography; professionals study economics
    What IT security leaders can and must learn from other scientific fields
  • A bigger bang for every buck
    How to re-allocate your scarce resources where they’ll do the most good
See all Product Description
Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Table of Contents | Excerpt | Index
Search inside this book:

Tags Customers Associate with This Product

 (What's this?)
Click on a tag to find related items, discussions, and people.
 
(1)

Your tags: Add your first tag
 
See most popular tags

What Do Customers Ultimately Buy After Viewing This Item?

The New School of Information Security
36% buy the item featured on this page:
The New School of Information Security by Adam Shostack Hardcover 3.0 out of 5 stars (2)
£18.69
Security Metrics: Replacing Fear, Uncertainty, and Doubt
24% buy
Security Metrics: Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith Paperback
£33.99
Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers
19% buy
Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers by David Lacey Paperback 5.0 out of 5 stars (4)
£17.43
Schneier on Security
11% buy
Schneier on Security by Bruce Schneier Hardcover 4.7 out of 5 stars (3)
£12.20
Explore similar items
 

Customer Reviews

2 Reviews
5 star:
 (1)
4 star:    (0)
3 star:    (0)
2 star:    (0)
1 star:
 (1)
 
 
 
 
 
Average Customer Review
3.0 out of 5 stars (2 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most Helpful Customer Reviews

 
2 of 3 people found the following review helpful:
5.0 out of 5 stars Go back to school!, 20 Mar 2009
By Valentin Bondzio - See all my reviews
(REAL NAME)   
This review is from: The New School of Information Security (Hardcover)
"Schooling, instead of encouraging the asking of questions, too often discourages it." (Madeleine L'Engle)

The New School, in contrast, is all about asking questions, questions that might make you cringe but nevertheless need to be asked and answered. The security industry has to overcome the fog of FUD (Fear, Uncertainty, Doubt) and start to embrace the scientific method, even if it means some security practitioners will lose their status as shamans or some current best practises will be proven insufficient or even futile.

I can only imagine how many CISSP's caught their breath when Shostack and Stewart questioned the heavy reliance of companies on it. Many might consider this blasphemy, and I for one still think that the CISSP is a great certification, but it's those challenging questions that have to be asked, challenge everything, no matter how holy it might be to someone, then give answers, using good metrics and data. The status quo that exists in many heads needs to either proved, or disproved, but not kept up by assumptions and passed from generation to generation. We can do better.

Some minor remarks would be that it was hard to follow in the beginning, the first chapters were a bit tenacious to read, but that might be due to me not being 100% fluent, native English speakers might not have that issue. I also would have liked proper endnote labelling, which in my opinion doesn't hinder the reading flow at all and should be taken for granted in a book that insists on "the academic way". I also didn't like the implication of a "dysfunctional" industry, that description might be going in the right direction but was a bit too harsh for my taste.

For those people who say that this book doesn't deliver, let me set one thing straight: This book is not about answers, it's a book about why we have to question, what we have to ask and how we might be able to get the answers we need. A project that sets out to give us these answers will not be done in a 160 pages or even one book. I sure hope that the authors will follow up with another book, I definitely will keep an eye open for their names in the future.

I have to admit that I would rate this book as a 4.5, and that I was inclined to give only 4 stars because of the above mentioned shortcomings, but due to the other 1 star rating, I have to adjust upward. Even the resulting 3 stars doesn't do the book justice. I really hope it will get the attention it deserves, despite the relatively low amazon.co.uk rating, you should also read the comments on Amazon.com, a habit worth picking up for all books.

I will close with a Chinese proverb:

"He who asks a question is a fool for five minutes; he who does not ask a question remains a fool forever."


P.S.
This book makes a very good primer to "Security Metrics" by Andrew Jaquith
Help other customers find the most helpful reviews  
Was this review helpful to you? Yes No


 
3 of 5 people found the following review helpful:
1.0 out of 5 stars Intellectually idle, 8 Jan 2009
By M. Trump "Matthew T" (Manchester, UK) - See all my reviews
(REAL NAME)   
This review is from: The New School of Information Security (Hardcover)
This is a very frustrating book. The authors go on about academic rigour and then simply fail to deliver. They criticise current security practises, but then fail to say what should be done to change them.

Here are a couple of quotes "Opportunities to better understand security by learning from sociology have barely been explored." Then the chapter ends! Surely if you are going to try and create a 'New School' you need to lay out how your new ideas work?

"A second problem is that security policies are typically written in a very clean, simple language that speaks about high-level, theoretical ideas such as "threats" and "risks"."

Well - if you are going to have a pop at current practises then you badly need to provide an example of what you are proposing to use in its place.

In summary, this book reads like a poor undergraduate essay. I cannot recommend it.
Help other customers find the most helpful reviews  
Was this review helpful to you? Yes No

Share your thoughts with other customers: Create your own review
 
 
 
Only search this product's reviews


Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   

Listmania!

Create a Listmania! list

Look for similar items by category

Look for similar items by subject























i.e., each product must be in subject 1 AND subject 2 AND ...

Feedback


Amazon.co.uk Privacy Statement Amazon.co.uk Delivery Information Amazon.co.uk Returns & Exchanges

Your Recent History

 (What's this?)

After viewing product detail pages or search results, look here to find an easy way to navigate back to pages you are interested in.