Inside Network Security Assessment: Guarding Your IT Infrastructure [Paperback]

Michael Gregg (Author), David Kim (Author)
3.7 out of 5 stars (3 customer reviews)

List Price: $49.99


Book Description

ISBN-10: 0672328097 | ISBN-13: 978-0672328091 | November 28, 2005

As an IT professional, you need to know how to perform network security assessments. Inside Network Security Assessment: Guarding Your IT Infrastructure is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. You'll save everyone time and money by learning to perform security assessments yourself with the help of Inside Network Security Assessment.


Editorial Reviews

About the Author

Michael Gregg, President of Superior Solutions, Inc., has more than 20 years of experience in the IT field, with expertise in security, networking, and Internet technologies. He holds virtually every major security certification and has been instrumental in developing the Villanova University Online Security Curriculum and the CISSP Certification Training Distance Learning Curriculum. David Kim, President of Security Evolutions, Inc., specializes in IT security consulting, training, and courseware development. He is also the COO of the IISSCC and is responsible for the content and product development for the CISSP and SSCP certification credentials and training materials.

Product Details

  • Paperback: 312 pages
  • Publisher: Sams (November 28, 2005)
  • Language: English
  • ISBN-10: 0672328097
  • ISBN-13: 978-0672328091
  • Product Dimensions: 9 x 7 x 0.7 inches
  • Shipping Weight: 1 pounds
  • Average Customer Review: 3.7 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #518,847 in Books

More About the Author

Michael Gregg is COO of Superior Solutions, Inc. (www.thesolutionfirm.com), a Houston-based information security assessment, penetration testing, and IT security training firm. Mr. Gregg is responsible for helping corporations establish and validate enterprise-wide information security programs and controls. He is an expert on cyber security, networking, and Internet technologies.

While consulting consumes a large amount of Michael's time, he has contributed to more than 10 books and has spoken at security, technology, and educational conferences such as ISC2's Security Leadership Conference, Hacker Halted, Government Technology Conference (GTC), National Credit Union Administration (NCUA) IT Conference, and The American College of Forensic Examiners.

Michael has appeared in numerous media outlets including The New York Times, Fox News, Canadian News (BNN), Kiplinger as well as NPR, ESPN, and other major networks. He holds two associate's degrees, a bachelor's degree, and a master's degree. He presently maintains many certifications including CISSP, CISA, CISM, etc.

 

Customer Reviews

3 Reviews
5 star: (0)
4 star: (2)
3 star: (1)
2 star: (0)
1 star: (0)
 
 
 
 
 
Most Helpful Customer Reviews

3 of 3 people found the following review helpful:
4.0 out of 5 stars Excellent overview of current state of the art for network security assessment, April 23, 2006
By uniq "uniq" (El Dorado Hills, CA United States) (VINE VOICE)
If you need an overview of the current state of the art for network security assessment - this book is for you. It describes a security assessment process end-to-end, covering all aspects of it: reasons for the assessment, risk assessment methodologies, scoping of an assessment project and its goals, how to conduct the assessment, what to put into the final report, and what is involved in the post-assessment activities. The book also gives an overview of contemporary government standards and security evaluation tools, and even offers security assessment forms and a sample report. This book is *NOT* a detailed description of the intrinsic and technology behind the attacks or ways of warding them off, even though the authors do a superb job of explaining most major concepts and terms.

While anything that ends with the word "process" promises the excitement of watching paint dry, I've found this book quite informative and written very well. For me, it is more important to understand than remember; every statement in a book is logically solid and supported by a reason or explanation. With respect to this, the authors have not disappointed me.

I disagree with the negative comments mentioned in F. Yan's review below. For example, indeed, on page 111 the authors stated that the greatest threat to an organization and its IT infrastructure are employees, contractors, and third-party users; on the same page they named insecure computing habits of the *employees* as the 2nd threat, and on page 112 they listed *disgruntled* employees as the 3rd greatest threat. I don't see any contradiction, since disgruntled employees are a subset of the total population of employees. Similarly, I could not find validation for the other negative comments.

Nevertheless, the book has a couple of rather small shortcomings. One is the rather dry style of some chapters consisting primarily of bullet point lists, although the points themselves are sharp, concrete, and important. I also wish that the book's cover were made from a more practical and durable material.

Overall, this is an excellent and useful book that delivers on its promises.


2 of 2 people found the following review helpful:
4.0 out of 5 stars Broad Range of Information, March 4, 2006
In my experience what's important is to have an overall structure when performing any task. That's one of the things I liked about this book as it didn't get bogged down with an endless review of a million tools. The book offers a look at the bigger picture providing information on the overall structure and flow of the assessment. While it is evident that it was written by two writers, those individuals planning on performing an assessment or involved with one should find this book useful. I believe this book would also be helpful to people new to the security assessment area. When reading a book my objective is to learn something I did not know before or to add to my skill set. This book met that mark for me.


2 of 4 people found the following review helpful:
3.0 out of 5 stars This book needs better editing and review, February 2, 2006
By F. Yan (Sydney, Australia) (REAL NAME)
After reading a few chapters of the book, I find this book was not thoroughly edited or reviewed before being published. It is not well structured while it is inconsistent and even self-contradictory.

Take chapter 6 as an example. In terms of bad structure, the overview presented four characteristics about attackers, but in the chapter only two have big headings.

Also, when the four kinds of attacks are discussed, it starts off with a paragraph of short description for each. Then it goes to further not-so-detailed (or even repeated) explanation for each attack. Why can the short description and the not-so-detailed explanation for each attack NOT be combined?

On inconsistency: while there is a tip for a few security countermeasures after discussing coordinated attacks, there are none for the other three kinds of attack.

On self-contradiction: the authors say the greatest threat is internal/disgruntled employees. Then on the following page it mentions disgruntled employees again in a different heading but as the "third" greatest threat.

I am sure the authors are very technically knowledgeable in security as the book provides a lot of security-related materials. However, they need to polish their writing skills so that the next book they write will not be as chaotic as this one.
Inside This Book

Key Phrases - Statistically Improbable Phrases (SIPs):
data classification standard, vulnerability assessment project, critical security breaches, vulnerability assessor, information security responsibility, proper security controls, known software vulnerabilities, unstructured attacks, inition purpose, submittal instructions, raw risk, security assessment process, information classification system, reconnaissance probing, security countermeasures, vulnerability assessment process, security defects, information security controls, security awareness training program, network vulnerability assessment, vulnerability window, annualized loss expectancy, manageable devices, single loss expectancy, privilege escalation

Key Phrases - Capitalized Phrases (CAPs):
Key Terms, Security Incident Response Team, United States, Control Environment, Internet Scanner, Ping of Death, Sarbanes-Oxley Act, Security Evolutions, World Wide Web, Information Category, Risk Assessment Methodologies, Advanced Encryption Standard, Bill Gates, Microsoft Windows, Simple Network Management Protocol, Trusted Computer System Evaluation Criteria