Customer Reviews

Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education)

5 star:		(18)
4 star:		(4)
3 star:		(1)
2 star:		(0)
1 star:		(0)

 

 

If a company wishes to survive in the current environment where predators of all types are everywhere, then they must protect their assets. It only takes one mistake to open the protective dikes and let a person with malicious intent to gain access to important company information. Therefore, a fundamental part of company protection is educating all their employees in the basics of computer security. To do this, a short course in computer security basics is necessary, which should include behavior guidelines and threats of punishment if they are not followed.
If you are looking for a handbook to use for a short course in computer security, then this book is for you. Short and to the point without any unnecessary jargon, it can be read and understood by everyone. The twenty points presented are unquestionably those that would be in everyone's top twenty list of actions that the standard employee should perform.
Given the recent virus and terrorist threats, government mandated rules for privacy, and the exponential increase in Internet usage, computer security is rapidly becoming the most serious and dangerous issue faced by many businesses. The solution is to educate all employees in the basics of computer security, which can be done using this book as a resource.

How can you educate non-tech personnel on computer security? Buy them this book. It's brief and clear enough for even the most clueless end user to understand!

Companies should be buying this book by the boxload. It will save them a world of aggravation.

Perhaps the greatest vulnerability to our information is lack of awareness. This book is the perfect way to spread the word to help prevent security breaches. The title says it all - everyone from executive managers to human resources to end users can benefit from it. I'm a true believer that people benefit the most from practical advice presented in a non-technical fashion. This book executes that flawlessly.

Consultant Ben Rothke's "Computer Security: 20 Things Every Employee Should Know," is a forty-five page handbook for securing the workplace from McGraw-Hill's Professional Education series. Rothke has written an up-to-date, clear, and concise introduction to the many dangers that lurk in cyberspace. He covers such topics as phishing, spyware, identity theft, e-mail hoaxes, data management, firewalls, and choosing a secure password.

"Computer Security" would be most useful as a handout for new hires who work in a corporate setting. Rothke warns workers to use discretion when surfing the Web, and to avoid downloading anything unless they are sure that it safe. Employers do not look too kindly on employees who use their databases carelessly and frivolously. Attention to confidentiality, assiduously backing up important data, and the ability to avoid introducing viruses or other invaders into the company computer system are essential priorities for every staff member.

This handbook is nicely laid out, easy to read, and relatively jargon free. At the end of the book is a handy glossary of computer security terms. Bulleted lists and summaries reinforce the important points that the reader should remember. This is an excellent introduction to a subject that is vital for anyone who works with computers in a business setting or even at home. A moment of cyber-carelessness can have serious consequences, and preventing trouble is a great deal easier than having to fix it after the fact.

Network security is only as strong as its weakest link. Having top of the line firewalls, intrusion detection, antivirus and other security tools deployed will do little good if a user unwittingly gives his username and password to a malicious attacker. The sad fact is that the users, the employees who use the network, are the weak link in the security chain.

The other issue is that many employees don't truly care about company assets, or at least not enough to embark on a journey to learn about how to better secure them. But, most people have computers at home tha they use personally and have kids that use them. That means that they have a vested interest in learning computer and network security, even if it isn't because they want to safeguard the company network.

Rothke's book provides brief, but clear, explanations of 20 of the most important things that users should know in order to use their computer, e-mail, and the Internet without becoming a victim. Some of the information, such as Use Firewalls and Patches, is really outside the scope of what an employee should know. But, they can apply the information at home and it provides a better understanding of why they need those things at work as well.

Having served as the person in our firm with the most paranoia about computer security, I have been constantly struck by how careless people can be in this area. It's as though computer security can be assumed to be in place . . . rather than being something that needs to be encouraged, nurtured and observed.

While I often read technical manuals on computer security to catch up with the latest, none of those manuals could hope to attract a full reading by anyone who has ever worked for me.

I was delighted to find that the Second Edition of Computer Security: 20 Things Every Employee Should Know has everything in it that I hope all my employees will remember to do.

The book is brief, it's accurate and it's easy to understand.

If you follow Mr. Rothke's advice, most major problems will be avoided.

The book opens by explaining about phishing and spyware by explaining what they are and why an employee should want to avoid them. Here's the advice:

1. Don't reply or click on links asking for personal or financial information.
2. Don't download programs from companies you don't know.
3. Keep your computer secure with pop-up blockers, a fire wall, and anti-virus and anti-spyware software.

I particularly liked the non-technical advice such as the one on avoiding identity theft.

The book also has little case studies of what can go wrong. One of my favorites was an employee who wanted to go home and let a new employee use his security access card so she could keep working.

Where there is a technical element, Mr. Rothke keeps that simple. For instance, protection by having a password that contains both numerals and letters is explained in terms of the new programs that can be used to check standard English words and names in a few minutes.

There are also useful hints that are unrelated to being an employee such as being aware that your company may be tracking your usage. Do you really want people to know all about your personal habits? If not, don't pursue them at work or on a company device?

For more complicated situations, Mr. Rothke explains when to go for help from the company's IT security team. Many people don't realize they can make things worse by trying to fix problems themselves.

Nice going, Mr. Rothke!

It is easy for end-user (i.e. employees) to understand some real-life security problems and the author will provide practical tips and solutions for every topic.
It is an excellent source to reference so as to provide a security awareness training indeed. It is because we should keep something simple. Even we could sella company to purchase this book for their employees. Light-weight and simple but not simplistic handbook is useful for people to understand their positions and roles as well as relevant response and action. in security-related issues.

This little brochure packs a lot of good advice for end-users and non-security managers. While those in the field of security will likely learn nothing new from the book, it will definitely enlighten less computer security savvy (which is the whole point of the book). In fact, it goes a bit beyond computer security and covers broader issues of information security. Some of the topics include dealing with malware, virus hoaxes, securing the laptop, defending against social engineering, disposing of digital media, secure remote access, etc. The book also contains concise and clear glossary of security terms.

The book is great, the only problem remaining is how to make those employees read it and actually follow the advice collected. But this is a different story altogether. I think that getting and distributing copies to just about everybody in the organization will be a good use for the book. It is well-written and easy to follow, so there is a good chance that a decent percentage of those given the copy will at least browse through it - and some of the tips will stick, potentially saving the company from major security incident loss...

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

This is the perfect book for someone whose eyes glaze over when they hear the word phishing. Some of the topics covered in the book are shown below :
Computer Security : 20 Things Every Employee Should Know


I. The CIA Triad : security is wrapped around the fundamental concepts of :

A. Confidentiality
B. Integrity
C. Availability

II. Security Issues : include dangerous areas of phishing and spyware.

A. Phishing : is a form of identity theft, by misleading you to disclose your personal information. Phony e-mail from what appears to be legitimate business asks for updated info and directs you to what also looks like a legitimate site.
B. Spyware : programs that surreptitiously moniters users' actions and provides info to advertisers or steals accounts and passwords. Can use your computer as launching pad for Internet attacks.
i. Often included in free downloads.
ii. Don't reply or click on links requesting personal info
iii. Don't download programs by unfamiliar companies
iv. Secure your computer : set your browser security level to the highest possible for your environment.
1. Block pop-ups
2. Maintain a personal firewall
3. Use anti-virus and anti-spywae software.

III. Identity Theft : when an unauthorized party uses your name, ssn or other
identifying personal information to commit fraud or other misdeed.

A. Is the fastest growing Internet crime
B. Be careful on phone and web
C. Moniter your finances regularly
D. Shred all papers
E. Most threat is from insiders- legitimate users with legitimate access doing illegitimate things.

IV. Passwords : must be a mix on letters and numbers to avoid password cracking
software. (i.e. John the Ripper)

V. Malware : malicious software programs that are intended to compromise
your computer system often through e-mails, attachments, music, etc.
Categories include :

A. Viruses : set of instructions that attach to legitimate software programs and damages through e-mails.
B. Spyware : described above
C. Worms : Stand alone programs that make copies of themselves and travel
throughout computer networks.
D. Trojan Horse : malicious software that tricks users into thinking it is
Harmless when in reality there is a dangerous program embedded inside another.

VI. Telecommuting or Remote Access : Beware because the level of security
outside the office is usually not the same.

A. Encrypt confidential data
B. Use a personal firewall
C. Be attentive to physical security. cables to secure the laptop

VII. Reducing E-Mail Risks

A. Don't open any attachments on e-mail from people you know.
1. Watch out for "forward this to everyone you know"
B. Keep your anti-virus software up to date.

VIII. Incidental Personal Use of Corporate Computers and Resources : use
discretion since you can compromise the entire business network

A. The extent to which employees are permitted access to non-business sites
is a function of the organization.
B. Never install software on any company computer
C. Never visit a chat room, and be careful with instant messaging

IX. Firewalls : software installed on your PC that controls data exchanges
between your computer and the remote site.

A. Regularly update patches.

X. The Importance of Backing up Hard Drives : hard drive provides the long
term memory of a system. It isn't a question of "if" but "when" they will crash.

A. Create a schedule for backup and encryption at least once a month.
B. Take care to back up data properly
C. Store backups confidentially ( encrypted)

This pamphlet sized book is a great training platform for keeping awareness up to par in your organization. It provides a baseline security reminder for 20 of the most key aspects of information security initiatives in an enterprise. This would be a useful aid in a classroom security review program or awareness training course. The points are simple and well written and apply to all users of a network environment.