Customer Reviews

Scrappy Information Security: The Easy Way to Keep the CyberWolves at Bay

5 star:		(6)
4 star:		(0)
3 star:		(0)
2 star:		(1)
1 star:		(0)

 

 

Michael Seese's "Scrappy" book about information security is an informal, yet succinct set of instructions and examples about information security topics ranging from physical security of business information systems to advice for avoid identity theft. It conveys all of the information needed for a solid groundwork in the information security field without becoming an uninteresting, overweight tome suitable only for double-duty as a doorstop.

His engaging writing style draws the reader into what could have been a dry, boring topic by making it interesting and useful, often citing current cultural references to enforce his points.

For those who deal with information technology, whether as informally as being a home computer user, or as formally as an IT careerist, his book is a useful and careful analysis of information security.

The book is promoted as a guide to information security essentials for "everyone" (meaning, it seems, ordinary IT users, not IT professionals) in plain English. I take that to mean a basic, entry-level and largely non-technical book about the protection of information in all its forms, accessible and of interest to the general population. [Read on to find out what it actually delivers.]

The book covers a decent range of commonplace physical, technical and administrative issues around IT security and to some extent the wider aspects of information security (the 6 pages on social engineering, for example, are worthwhile). However, organizations tend to have rather more information security concerns and controls than home IT users (lots of legal, regulatory and standards compliance issues, for instance, and a raft of security policies and procedures), not all of which are mentioned or well covered.

On a notional `depth scale' ranging from 0% (barely skims the surface) to 100% (PhD material), the content is about 25% with a few higher peaks in certain areas and a few lows. Identity theft, for instance, which is surely a topical and important subject for non-technical Internet users to understand, merits just over one page of coverage - 371 words according to the author. Bridges and routers get the preceding four pages. This is quite inconsistent with the needs of the stated audience.

The insets marked "What it Means" use analogies, it appears, that are presumably intended to illustrate or explain the surrounding points. Most are obscure and, despite understanding the context, some are stretched so far as to leave me perplexed. What drunk-driving has to do with host hardening I still have no idea. My main beef, though, is with the disproportionate amount of "technobabble" in the book. It's even identified as such. After the author's and reviewers' notes pushing this as a non-technical guide, I was surprised to find it covering TCP/IP headers, packet spoofing and so forth in the technical security section: why ordinary users would be expected to know or be interested in such details puzzles me. The physical security section talks about security controls appropriate to a corporate IT facility: it seems rather unlikely that most home users would seriously consider fire suppression and CCTV coverage (other than webcams perhaps, which are not mentioned), let alone access cards - in other words, the content of the book appears to be aimed at office workers, not home users after all. I guess IT people might appreciate the notes on host hardening and DMZs, but the depth, breadth and quality of coverage in such technical matters is way below what would be needed to harden hosts or design/install/manage DMZs.

Scrappy Information Security does not fulfill the promise of being a plain English guide to information security for everyone. There are some minor but annoying technical errors and, more importantly, significant omissions. Of the classic CIA triad at the core of information security, integrity and availability issues are barely mentioned, while privacy and some other confidentiality concerns (such as industrial espionage) are just skimmed. Security aspects of desktop/home software development such as securing spreadsheets and software testing are not mentioned. The only advice I noticed about backups consists of less than a page, for some obscure reason inserted into the section on phishing. "Patchy IT security" would have been a more accurate title.

Despite the glowing endorsements by some well-known industry figures in the preface and marketing blurb, I wouldn't recommend this book to its intended audience: there is too much inappropriate and unnecessary technical content. I also wouldn't recommend it for IT or information security professionals: it is far too superficial. I'm afraid it's hard to think who else might benefit from the book: Generation Y teens, maybe? All in all, it's a disappointing purchase. I seriously wonder whether the endorsers read the same book as me.

I just wanted to say a few words of appreciation in praise of this little book. Scrappy Information Security is an accurate, readable and (gasp) funny walk through the basics of Information Security. It is rare that one of the more technical phone book size InfoSec tomes causes me to laugh out loud (usually I snore). This book got me fired up enough to start planning basic security awareness training around the topics covered within this gem of a paperback. That alone is more than worth the price of admission.

Before I edited Michael's book I felt fairly safe using my computer. I even entered my credit card number to purchase items without having a chill run up my spine. No more! His easy to understand tour through the terrors of cyberspace have left a scar on my psyche.

There are thicker books out there on this topic, but unless you're a cyber-jock, this book is a great introduction to cyber security for individuals and businesses. I'm a scientist by education, with a masters degree in physics and undergrad degrees in chemistry and physics. I certainly COULD understand all of the jargon, but I've got better things to do. And I wouldn't have bothered to support this book as a Scrappy Guide(R) unless I was sure it was an essential guide to getting results in the real world.

I've finally found a book I can strongly recommend to those people that ask the most basic security questions. As a security professional, there are some great books out there for readers that already have a basic grasp of security, especially when it comes to the Internet. But I've struggled to find a book to recommend to those individuals that would get overwhelmed by the major of existing Internet security books. Michael Seese has filled this gap. His text simply and in plain, easy to understand common language, walks users through important security concepts such as phishing, password management, multi-factor authentication and safe Internet surfing.

I whole heartedly recommend this book to those looking for that straight forward, simple explanation of the most important day to day security concepts. A great security awareness text indeed!

Simply put, this is a very good book. If you have ever felt vulnerable to those online bad guys who could, at any time, unbeknownst to you, be stealing your password, your credit card number, or that critical database at work, then THIS is the book to read.

For each potential threat, the author explains how they "get you" and what you can do about it. For each security measure, he explains why it is important and how to use it to its best advantage. But the difference between this book and the dreaded manuals that come from hardware or software companies is that it is written in easy-to-understand, conversational language with ample doses of humor and clever analogies to keep you smirking as you learn. (Technobabble is the domain of propeller heads and a firewall is like the bouncer at a rock club.)

This is an information-packed reference book, but it is also just a darn good read.

When Michael Seese asked me to do a preliminary editing job on a book about Information Security, I said, "yes," even though I had all but the faintest notion of the subject matter. That was before I read Scrappy Information Security.

Michael explained why I have to see a picture of a cow before I can log into my online bank account. I now know the reason I have to retype random, melting strings of numbers and letters into text boxes before the car payment people will send me my password when I forget it each month.

The biggest strength of this book is that Michael explains the different types and levels of Information Security simply and with understandable and highly-entertaining examples.

If you need to put together a training program on Information Security for your business or organization; if you want to learn about the latest scams and the most common sorts of information theft: or if you just want to know why using your birthday as a password is just asking for trouble, Scrappy Information Security does all that and more.

With all the bad guys cruising the information super highway, experts and laymen can both benefit from what's in this book.

Bill Devol
June 26, 2009