Information Security Best Practices: 205 Basic Rules [Paperback]

George L Stefanek (Author)
2.7 out of 5 stars (3 customer reviews)


Book Description

ISBN-10: 1878707965 | ISBN-13: 978-1878707963 | April 2, 2002
Protecting computer networks and their client computers against willful (or accidental) attacks is a growing concern for organizations and their information technology managers. This book draws upon the author's years of experience in computer security to describe a set of over 200 "rules" designed to enhance the security of a computer network (and its data) and to allow quick detection of an attack and development of effective defensive responses to attacks. Both novice and experienced network administrators will find this book an essential part of their professional "tool kit." It is also essential reading for a corporate or organization manager who needs a solid understanding of the issues involved in computer security.

Much literature is available on network and data security that describes security concepts, but offers so many different solutions to information security problems that it typically overwhelms both the novice and the experienced network administrator. This book presents a simple set of rules important in maintaining good information security. These rules or best practices are intended to be a recipe for setting up network and information security. This manual will take the mystery out of configuring an information security solution and provide a framework which the novice as well as experienced network administrator can follow and adapt to their network and data environment.

* Provides practical, "battle tested" rules and guidelines to protect computer networks against different forms of attack
* Covers both network and client level attacks, including attacks via the internet and damage to the physical hardware of a network
* Accompanying CD includes an electronic version of the book

Editorial Reviews


About the Author

George L. Stefanek, Ph.D., has over 18 years of experience as a systems administrator and manager of IS/IT departments. He has also consulted on information security issues for such clients as the U.S. Department of Defense.


Product Details

  • Paperback: 160 pages
  • Publisher: Butterworth-Heinemann (April 2, 2002)
  • Language: English
  • ISBN-10: 1878707965
  • ISBN-13: 978-1878707963
  • Product Dimensions: 8.9 x 7 x 0.6 inches
  • Shipping Weight: 14.9 ounces
  • Average Customer Review: 2.7 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #882,761 in Books


 

Customer Reviews

3 Reviews
5 star: (1)
4 star: (0)
3 star: (0)
2 star: (1)
1 star: (1)
 
 
 
 
 
Most Helpful Customer Reviews

11 of 11 people found the following review helpful:
1.0 out of 5 stars Too many mistakes and errors in this book, May 9, 2002
This review is from: Information Security Best Practices: 205 Basic Rules (Paperback)
Security 101 dictates the importance of an effective set of information security policies and procedures. The granddaddy of such books is Information Security Policies Made Easy by Charles Cresson Wood that contains over 1000 well-written security policies.

The importance of best practices for information security is easily understood in the post September 11 era, combined with the fact that more and more companies are connecting their corporate networks to untrusted public networks without the appropriate level of security and protection.

With such a need, Information Security Best Practices: 205 Basic Rules sounded like it could fill such a void. Unfortunately, the book suffers from a number of flaws. First, its organization is not logical. The book starts chapter 1 with the topic of e-mail spam, while a fundamental topic such as network architecture is not dealt with until chapter 5.

The book contains numerous errors. While some are small, many others were rather significant. Innocuously, the author called the ICSA the NCSA, even though its name was changed over 4 years ago. Incorrectly, the book states that an uninterruptible power supply (UPS) will eliminate power surges along power lines. A UPS will provide protection from power surges, but can't eliminate them. Finally, the book states as a best practice to use halon for fire control, yet halon production was banned under the Clean Air Act of 1994.

The author has significant Department of Defense experience, which explains why the book would suggest security controls such as C2 and TEMPEST shielding. First off, the C2, from the Orange Book, has been retired and replaced by the Common Criteria. Secondly, TEMPEST shielding is far too expensive for most companies, combined with the fact that there are few individuals who are competent in TEMPEST technology in the private sector, since the specifics of TEMPEST are still classified.

Those looking for a good reference would be better served by reading Information Security Policies Made Easy or its less expensive cohort Writing Information Security Policies by Scott Barman (New Riders, 2001 ISBN: 157870264X).



6 of 6 people found the following review helpful:
2.0 out of 5 stars too many mistakes/no best practices, August 22, 2003
This book had a lot of potential, but it has far too many mistakes.

It does not take into consideration corporate best practices.

There are better books out there, use them.



5 of 8 people found the following review helpful:
5.0 out of 5 stars Excellent Book, October 16, 2002
By Danette Sterna (Lockport, IL United States)
I thought this book was very easy to read and understand. I must commend the author for making technical material so easy to understand even for a novice like myself. Everything I wanted to know about information security was in this book. I highly recommend it.




Inside This Book
First Sentence: To understand why you need to implement information security, I first present a list of the types of attacks that hackers may launch against your network.
Key Phrases - Statistically Improbable Phrases (SIPs): perimeter subnet, separate disk partition, modem server, mail server software, filtering router, security logging, application gateway, internal machines
Key Phrases - Capitalized Phrases (CAPs): Orange Book