Who Sets the Audit Standards? Part 1 of 3
Current security issues, vulnerabilities, and the phenomenon of security theater.
As the title should tell you, this is an unabashedly Windows-oriented book. It's no surprise, considering the authors are both employees of Microsoft. Jesper Johansson is the Senior Program Manager for Security Policy, and Steve Riley is the Senior Program Manager in the Security Business and Technology unit. Both authors are extremely knowledgeable, and participate in speaking engagements around the world on a regular basis.
Microsoft-centric view aside, I deal primarily with Windows-based networks, so I found this book to be extremely informative in my security continuing education. The authors attempt to cover a great deal of ground, so by necessity, some areas are covered in more depth than others. The areas covered are divided into 6 parts: "Introduction and Fundamentals," "Policies, Procedures, and User Awareness," "Physical and Perimeter Security: The First Line of Defense," "Protecting Your Network Inside the Perimeter," "Protecting Hosts," and "Protecting Applications."
The book is filled with practical, common-sense analysis of security, both with respect to genuinely securing systems and avoiding practices of "Security Theater." Each chapter ends with a section entitled "What You Should Do Today," reinforcing the action items suggested throughout the chapter. The book also includes a CD containing a few helpful tools. These include a password generator, a HOSTS file that blocks known spyware sites, and a script to revoke SQL Server PUBLIC permissions.
The writing style is at times humorous, and very down-to-earth. This book is valuable both as a casual read and as a comprehensive reference for securing networks. I highly recommend it to anyone in the Information Security field, as well as anyone looking for a place to start educating themselves about network security.