Security De-Engineering: Solving the Problems in Information Risk Management
Ian Tibble


Whittles Publishing

Network management


332 pages


As hacker organizations surpass drug cartels in terms of revenue generation, it is clear that the good guys are doing something wrong in information security. Providing a simple foundational remedy for our security ills, Security De-Engineering: Solving the Problems in Information Risk Management is a definitive guide to the current problems impacting corporate information risk management. It explains what the problems are, how and why they have manifested, and outlines powerful solutions.

Ian Tibble delves into more than a decade of experience working with close to 100 different Fortune 500s and multinationals to explain how a gradual erosion of skills has placed corporate information assets on a disastrous collision course with automated malware attacks and manual intrusions. Presenting a complete journal of hacking feats and how corporate networks can be compromised, the book covers the most critical aspects of corporate information risk management.

- Outlines six detrimental security changes that have occurred in the past decade
- Examines automated vulnerability scanners and rationalizes the differences between their perceived and actual value
- Considers security products--including intrusion detection, security incident event management, and identity management

The book provides a rare glimpse at the untold stories of what goes on behind the closed doors of private corporations. It details the tools and products that are used, typical behavioral traits, and the two types of security experts that have existed since the mid-nineties--the hackers and the consultants that came later. Answering some of the most pressing questions about network penetration testing and cloud computing security, this book provides you with the understanding and tools needed to tackle today's risk management issues as well as those on the horizon.

By:   Ian Tibble
Imprint:   Whittles Publishing
Country of Publication:   United Kingdom
Dimensions:   Height: 235mm,  Width: 156mm
Weight:   454g
ISBN:   9781439868348
ISBN 10:   1439868344
Pages:   332
Publication Date:   December 2011
Audience:   College/higher education,  Primary
Format:   Paperback
Publisher's Status:   Active

PEOPLE AND BLAME
Whom Do You Blame? The Buck Stops at the Top? Managers and Their Loyal Secretaries Information Security Spending-Driving Factors in the Wild Do Top-Level Managers Care About Information Security? Ignoring the Signs Summary
The Hackers Hat Colors and Ethics Hacker Defined Zen and the Art of Remote Assessment The Hacker through the Looking Glass Communication, Hyper-Casual Fridays, and Maturity Hacker Cries Wolf Unmuzzled Hackers and Facebook Summary
Checklists and Standards Evangelists Platform Security in HELL CASE Survival Guidelines CASEs and Network Security Security Teams and Incident Investigation Vulnerability/Malware Announcements This Land Is Our Land Common CASE Assertions Summary

DE-ENGINEERING OF SECURITY
How Security Changed Post 2000 Migrating South: Osmosis of Analysis Functions to Operations Teams Rise of Automated Vulnerability Scanner Rise of Checklist Incident Response and Management-According to Best Practices Best Practices in Security Service Provision Tip of the Iceberg-Audit Driven Security Strategy Summary
Automated Vulnerability Scanners Law of Diminishing Enthusiasm False Positive Testing Revelations Great Autoscanning Lottery Judgment Day Automation and Web Application Vulnerability Assessment Web Application Security Source Code Testing Summary
Eternal Yawn: Careers in Information Security Information Security and Strange Attractors Specialization in Security Instant Manager Technical Track Summary
Penetration Testing-Old and New Testing Restrictions Restriction 1: Source IP Address Restriction 2: Testing IP Address Range(s) Restriction 3: Exploits Testing Penetration Testing-The Bigger Picture Summary
Love of Clouds and Incidents-Vain Search for Validation Love of Incidents Love of Clouds Summary

SECURITY PRODUCTS
Intrusion Detection Tuning/Initial Costs Belt and Suspenders? DoS the NIDS Hidden Costs Return on Investment Network Intrusion Prevention Systems Summary A Final Note
Other Products Identity Management Security Information Event Management Solutions Summary

RE-ENGINEERING OF SECURITY
One Professional Accreditation Program to Bind Them All C-Levels Do Not Trust Us Infosec Vocational Classifications Requirements of an Infosec Manager Requirements of Security Analyst Regaining Trust: Theoretical Infosec Accreditation Structure Summary

Index

Ian Tibble was an IT specialist with IBM Global Services before entering into the security arena. His experience of more than 11 years in information security allowed him to gain practical risk management expertise from both an architectural IT and a business analysis aspect. His experience in Infosec has been with service providers Trusecure (now Verizon) and PricewaterhouseCoopers, and also with end users in logistics, banking, and insurance. He has been engaged with security service delivery projects with close to 100 Fortune 500 companies and multinational financial institutions in Asia (Indonesia, Singapore, Malaysia, Taiwan, Hong Kong, and Australia) and Europe.

This is a passionate call to arms to recognise the contribution of engineering to business. In highlighting what the author believes is a diminishing role of qualified engineers, he lights the lighthouse beacon in the hope that business can thereby avoid crashing into the rocks of avoidable incident and financial loss. -Written by Wendy Goucher, Information security consultant, writing on Read the full review at:
