Most Helpful Customer Reviews
5 of 5 people found the following review helpful:
3.0 out of 5 stars
Very Strong Academically, Barely Strong Practically, Weak Editing, July 9, 2010
I was tasked with building an online course in Cyber security for a major online university, and was assigned the book, "Cyber Security and Global Information Assurance," edited by K.J. Knapp, as the primary textbook for the course.
Knowing that most online students would be in the "continuing education" category, I was hoping that this book would assist those who have some real-world experience into more advanced topics. Unfortunately, the book is highly theoretical and written by academics for academics.
Take chapter 1, for example. In the research of Black Markets for cyber vulnerabilities, the authors selected twelve (12) sites for their study, and based their conclusions on findings from those 12 sites. Never mind that there are literally thousands of hacker, black-market, and torrent sites out there making personal information, exploits and mal-ware available. Because of this tiny data sample, the authors then "hypothesized" and "assumed" their facts and conclusions.
If I were trying to impress a university professor with my scholarship, I would certainly want to include formulae, charts, graphs, and use $100 words, making my thesis appear PhD-ish. This book accomplishes that goal. As an IT systems administrator, however, understanding the sources and theories of cyber exploits is great, but having the actual solutions is better. This book is great on the former, and weak on the latter. "Identify attack paths and block them," is great high-level advice, but there is no "how" or "with what" advice anywhere in that chapter.
It was also clearly evident that many of the contributing authors are not native English speakers, and Mr. Knapp allowed their improper sentence structures and poor grammar to pass through to the final product. Chapter 2, for example, takes the form of a "student's notes" approach to writing. Here's just one out of hundreds of examples: "Amman et al. (2002) shows how assumption of monotonocity helps to address scalability problem of attack graph." [p. 25] Very little proofreading for punctuation was done, either. I don't think Mr. Knapp wanted to offend any of his authors by actually correcting their English; however, that oversight made the book much harder to read than necessary.
Overall, I found the book informative, but I was less impressed with its actual usefulness for system administrators, and was frustrated by the lack of editing.
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
5 of 5 people found the following review helpful:
5.0 out of 5 stars
Global Security and Global information Assurance is the reference book for you!!!, June 2, 2009
This review is from: Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions (Advances in Information Security and Privacy) (Hardcover)
Ken Knapp assembled some of the most knowledgeable and credentialed set of contributors. They are among the finest practitioners and academics in cyber security from across the globe.
Right off the bat this book was impressive. The effort to put this book together was obviously a true collaboration by professionals stewarded by consistent editing.
The thorough details and rich evidence expressed in every theory, idea, and argument is evident throughout the book. There was a natural and consistent voice throughout the book. One can recognize the extensive rigor and diligent dialog with the intended audiences, students, professionals, and fellow practitioners. This is one reference book that should be on every serious practitioner's desk.
Each chapter is well written and composed of superior papers by some of the most learned academics and authors in the cyber community. Each author builds their theories from the ground up laying the foundation from the previous work of authors and practitioners of today and the past. Within each chapter and paper the authors backed up their assertions and perspectives with facts and empirical evidence. There is little room to counter such evidence. I was impressed by the 26 pages in the compilation of references listing off the who's who in the world of information assurance.
I could get into every topic, but the book covers 18 chapters from Risk & Threat Assessment through Security Technology. Especially interesting was the papers on Black Markets, Insider Threats, Security Implications, Public Policy between Privacy and Security, Information Sharing, Trusted Computing, and Honeypots. It is well worth your time to read the entire book.
The writing is top notch, college to PHD level, with the obligatory mathematic models and diagrams to explain the technical and theoretical intricacies involved in the analysis of anomalies. This kind of stuff requires deliberate consideration and practice to avoid embarrassment by doing math in public.
This book answers the relevant questions, furthers cyber security theory and public discourse by laying out the issues, discussing key aspects in detail, and points to potential solutions or areas for further investigation.
My only criticism for the entire book was that there was very little if any controversy or issues over interpretation that they were not addressed in this book. When it comes to a great reference book, the community wants to reach for answers not controversy which I have to say was the appropriate approach. The editor kept this book above the day-to-day political muck and turf wars that have plagued the cyber community in recent years and months. This book is among the highest quality reference books on this subject and what I believe to be the standard bearer on cyber security from a global perspective. It was a pleasure to read and review.
Michael Newcomb
DoD Cyber Analyst
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
4 of 4 people found the following review helpful:
5.0 out of 5 stars
CS&GIA - A must-have resource, May 29, 2009
This review is from: Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions (Advances in Information Security and Privacy) (Hardcover)
Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions Kenneth J. Knapp Editor March 30, 2009 Information Science Reference
Cyber Security and Global Information Assurance (CS&GIA) is simply a "must-have" book for anyone who is seriously involved in any aspect of information and cyber security. The four sections and eighteen chapters of the book evolve the subject by covering a wide range of relevant and timely topics in this most critical of issues facing our Nation.
Section I - Risk and Threat Assessment is extremely effective in setting the tone for the overall topic in its five chapters ranging from black markets for vulnerabilities to information terrorism.
The largest section of the book, Section II - Organization and Human Security, is comprised of six chapters. Having held the CISO role in a number or organizations including military, government and private sector entities, I found the chapters covering information security standards and human factors of particular interest.
Section III - Emergency Response Planning contains four chapters that cover critical considerations when faced with catastrophic events in the context of our ever increasing reliance on computer systems, networks and information in conducting our daily life and activities.
I found Section IV - Security Technologies to be the weakest of the book and is supported by only three chapters. While two of the chapters address higher level concepts of system security and trusted computing, the last chapter discusses the implementation of "honeypot" technology. The focus on such a specific and narrow technology as "honeypots" seems out of place with the rest of the book that does such a great job of addressing the issues at a higher level.
Academicians, practitioners, and those charged with governance over our nation's critical infrastructures and the networks and systems that support them will derive great value from this book. As an adjunct professor teaching Master-level courses in Information Security Management, I intend to use CS&GIA as required reading in my classes. President Obama is about to release the results of the "sweeping" cyber security review that he commissioned earlier this year. Among other things, it is expected that the creation and appointment of a "cyber security czar" is also forthcoming. If this position becomes reality as expected, I would highly recommend that the newly appointed czar or czarina rush out and get a copy of CS&GIA - s/he will need it!
Ron Baklarz CISSP, CISA, CISM. NSA-IAM/IEM
May 29, 2009
Help other customers find the most helpful reviews
Was this review helpful to you? Yes
No
|
![[Start the discussion]](http://g-ecx.images-amazon.com/images/G/01/x-locale/communities/discussion_boards/start-new-discussion-sec._V192250339_.gif){kind=small}
