The magazine of the Melbourne PC User Group
Spies Among Us - for the bookshelf
Major Keary
The dust jacket of this book carries the following: "How to Stop the Spies,
Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day".
At first sight that suggests, at least to me, another exercise in
scaremongering, but don't be misled: this is a straightforward, unadorned examination
of modern security issues. Spies Among Us is an account of how security in its
widest sense is compromised. Literature on the subject, especially
computer-related, has been around for over a decade; Peter Neumann's Computer
Related Risks (1995) is an example, and is still a good text on the subject.
This title brings the reader up to date with the current state of the problem
and solutions.
Spies Among Us covers a much wider field than Neumann, but also uses specific
examples of security failures. The author, a former NSA employee, has a
business that tests security systems; many of his examples are taken from
penetration operations.
Two features impressed me: the book's readability, and its value as a resource
for risk assessment. It is a good read without compromising its technical
integrity by overstating the case, or embellishing a risk by citing hypothetical
and sometimes fanciful exploits.
The first, and most important, step in planning any security system is to make a
threat assessment. There must be a clear understanding of what is at risk, the likely consequence of damage
(whether physical, the result of theft, and so on), and a realistic assessment
of the probability of any of those events happening.
Executives, whether or not they have a direct responsibility for physical or
information security, should read Spies Among Us. There is no requirement for a
technical background to enjoy and appreciate the narrative. Worth recommending
to your local library.
Reprinted from the September 2006 issue of PC Update, the magazine of Melbourne PC User Group, Australia