1 of 1 people found the following review helpful:
5.0 out of 5 stars
Informative yet informal, June 23, 2009
This review is from: Scrappy Information Security: A plain-English tour through the world of Intranets, the Internet, Packets, Headers, Ports, ACs, Routers, Bridges, ... Access Cards and Biometrics, which (Paperback)
Michael Seese's "Scrappy" book about information security is an informal, yet succinct set of instructions and examples about information security topics ranging from physical security of business information systems to advice for avoiding identity theft. It conveys all of the information needed for a solid groundwork in the information security field without becoming an uninteresting, overweight tome suitable only for double-duty as a doorstop.
His engaging writing style draws the reader into what could have been a dry, boring topic by making it interesting and useful, often citing current cultural references to enforce his points.
For those who deal with information technology, whether as informally as being a home computer user, or as formally as an IT careerist, his book is a useful and careful analysis of information security.
3 of 4 people found the following review helpful:
2.0 out of 5 stars
Patchy IT security, July 28, 2010
The book is promoted as a guide to information security essentials for "everyone" (meaning, it seems, ordinary IT users, not IT professionals) in plain English. I take that to mean a basic, entry-level and largely non-technical book about the protection of information in all its forms, accessible and of interest to the general population. [Read on to find out what it actually delivers.]
The book covers a decent range of commonplace physical, technical and administrative issues around IT security and to some extent the wider aspects of information security (the 6 pages on social engineering, for example, are worthwhile). However, organizations tend to have rather more information security concerns and controls than home IT users (lots of legal, regulatory and standards compliance issues, for instance, and a raft of security policies and procedures), not all of which are mentioned or well covered.
On a notional 'depth scale' ranging from 0% (barely skims the surface) to 100% (PhD material), the content is about 25% with a few higher peaks in certain areas and a few lows. Identity theft, for instance, which is surely a topical and important subject for non-technical Internet users to understand, merits just over one page of coverage - 371 words according to the author. Bridges and routers get the preceding four pages. This is quite inconsistent with the needs of the stated audience.
The insets marked "What it Means" use analogies, it appears, that are presumably intended to illustrate or explain the surrounding points. Most are obscure and, despite understanding the context, some are stretched so far as to leave me perplexed. What drunk-driving has to do with host hardening I still have no idea. My main beef, though, is with the disproportionate amount of "technobabble" in the book. It's even identified as such. After the author's and reviewers' notes pushing this as a non-technical guide, I was surprised to find it covering TCP/IP headers, packet spoofing and so forth in the technical security section: why ordinary users would be expected to know or be interested in such details puzzles me. The physical security section talks about security controls appropriate to a corporate IT facility: it seems rather unlikely that most home users would seriously consider fire suppression and CCTV coverage (other than webcams perhaps, which are not mentioned), let alone access cards - in other words, the content of the book appears to be aimed at office workers, not home users after all. I guess IT people might appreciate the notes on host hardening and DMZs, but the depth, breadth and quality of coverage in such technical matters is way below what would be needed to harden hosts or design/install/manage DMZs.
Scrappy Information Security does not fulfill the promise of being a plain English guide to information security for everyone. There are some minor but annoying technical errors and, more importantly, significant omissions. Of the classic CIA triad at the core of information security, integrity and availability issues are barely mentioned, while privacy and some other confidentiality concerns (such as industrial espionage) are just skimmed. Security aspects of desktop/home software development such as securing spreadsheets and software testing are not mentioned. The only advice I noticed about backups consists of less than a page, for some obscure reason inserted into the section on phishing. "Patchy IT security" would have been a more accurate title.
Despite the glowing endorsements by some well-known industry figures in the preface and marketing blurb, I wouldn't recommend this book to its intended audience: there is too much inappropriate and unnecessary technical content. I also wouldn't recommend it for IT or information security professionals: it is far too superficial. I'm afraid it's hard to think who else might benefit from the book: Generation Y teens, maybe? All in all, it's a disappointing purchase. I seriously wonder whether the endorsers read the same book as me.
5.0 out of 5 stars
smaller than a breadbox, November 14, 2010
I just wanted to say a few words of appreciation in praise of this little book. Scrappy Information Security is an accurate, readable and (gasp) funny walk through the basics of Information Security. It is rare that one of the more technical phone book size InfoSec tomes causes me to laugh out loud (usually I snore). This book got me fired up enough to start planning basic security awareness training around the topics covered within this gem of a paperback. That alone is more than worth the price of admission.