The Security Policy Cookbook: A Guide for IT and Security Professionals
 

The Security Policy Cookbook: A Guide for IT and Security Professionals [Paperback]

Ali Jahangiri (Author)
2.0 out of 5 stars (3 customer reviews)





Book Description

April 25, 2010
Security has become a huge issue in the 21st century and organizations are developing new security policies and tightening up old ones like never before. The Security Policy Cookbook is a unique guide for IT and security professionals to streamline security policy formulation. Based on the 14 years of experience of its author, security expert and trainer Dr. Ali Jahangiri, this book was initiated in workshops and lectures by participants who asked for Jahangiri's security policy templates. "I decided to address the need," says the author, "spending more than two years to study and bring together the contents of this book in order to create a comprehensive collection of security policy templates." Providing "recipes" for security policies in all areas, from password and Internet use policies to intruder user detection and public mailing list policies, this Cookbook provides all the ingredients, in easily customizable formats, for creating easy-to-understand policies to protect your organization. No other book on the market offers this easy, hands-on approach plus definitions of all the key terms. The templates of this book are available in editable, electronic format for ease of use. See www.securitypolicycookbook.com for more details.


Editorial Reviews

About the Author

Dr. Ali Jahangiri is an information security expert, auditor and trainer with 14 years of experience and achievement across the whole spectrum of technical and management aspects of Information Technology, Information Security, Business Continuity, Networking and Systems Integration and physical security in Information and Communications Technology (ICT) companies. Dr. Jahangiri also has registered and pending patents in the area of network security and cyber forensics. He is a Chartered IT Professional member of the British Computer Society, and a professional member of both the IEEE and the Information Systems Audit and Control Association. He is the author of Live Hacking and Computer Networking Handbook and many other training manuals and technical papers in the area of information security and cyber forensics. His vast professional experience and academic activities are the keys to his success.

Product Details

  • Paperback: 160 pages
  • Publisher: Dr. Ali Jahangiri (April 25, 2010)
  • Language: English
  • ISBN-10: 098427152X
  • ISBN-13: 978-0984271528
  • Product Dimensions: 6 x 9 x 0.3 inches
  • Shipping Weight: 7 ounces
  • Average Customer Review: 2.0 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #2,214,304 in Books

More About the Author

Dr. Ali Jahangiri (Sc.D, CITP MBCS, LPT, CEH, CHFI, ECSA, CEI, ISMS Lead Auditor, Security+, CIW Security Analyst, MCSE: Security, MBCS, MCSA, MCDBA, CCNA, A+) is the technical director of Secure 1st, a firm that specializes in delivering practical information security and cyber forensic solutions. He has an extensive background in computer science and has worked as an information security auditor, security consultant and technical trainer, gaining experience and reaching achievements across the whole spectrum of technical and management aspects of Information Technology, Information Security, Business Continuity, Networking and Systems Integration and physical security in Information and Communications Technology (ICT) companies.

Dr. Jahangiri conducts more than 1,000 hours of training per year in various subjects in information security and cyber forensics. He also has registered and pending patents in the area of network security and cyber forensics, with many published papers in international journals. He is a Chartered IT Professional member of the British Computer Society, and a professional member of both the IEEE and the Information Systems Audit and Control Association.

Dr. Jahangiri has been selected for the Instructor Circle of Excellence Award in 2009 by EC-Council for his Certified Ethical Hacker (CEH) and Certified Hacking Forensic Investigation (CHFI) workshops. Further, he has been selected as a computer scientist from 60,000 other leaders from industries and from 215 countries and territories for the 2010 edition of Marquis Who's Who in the World. His vast professional experience and academic activities are the keys to his success.

 

Customer Reviews

3 Reviews
5 star: (0)
4 star: (1)
3 star: (0)
2 star: (0)
1 star: (2)

Most Helpful Customer Reviews

10 of 10 people found the following review helpful:
1.0 out of 5 stars A work of plagiarism, August 20, 2010
This review is from: The Security Policy Cookbook: A Guide for IT and Security Professionals (Paperback)
In mid-August, I received a copy of The Security Policy Cookbook: A Guide for IT and Security Professionals. As someone who has seen his fair share of information security policies and is on the Information Security Policy Expert Panel, my initial thought was that this is not an original work.

Before I even got to the content, the author notes his acceptance into the Marquis Who's Who in his bio. I wrote in 'What's What with the Who's Who?' that Marquis, like most who's who firms, accepts nearly everyone who applies, including serial killers. Most of the who's who organizations are in it for the money with zero concern for the so-called honorees. Security professionals looking to advance themselves will find no value in having their names in a who's who, and could in fact be showing their naiveté by promoting their inclusion.

In the book, various policies are detailed, yet lack a sense of cohesiveness. It is as if the policies were simply thrown together in a haphazard manner, which is indeed evident in this book. Not the text of the policies are not ineffective, rather the cut and paste approach, which the author did, and advocates, is a surefire way to ensure that information policies won't work. Policy creation is just one part of an effective security policy project, and focusing strictly on the text of the policies is simply inadequate.

Of the book's 32 chapters, 20 were direct copies from State of Texas Department of Information Resources (DIR) Guidelines, Checklists & Templates. This book seems to follow the same course of action 'How To Become The Worlds No. 1 Hacker' took, copy the content without attribution. For a complete list of the chapters and sources, see the listing at Attrition.

The DIR wants their templates to be used for the greater good, but with attribution. According to their Link Policy, "they shall not misinform users about the origin or ownership of DIR content. Certain information on DIR may be trademarked, service-marked, or otherwise protected as intellectual property. Protected intellectual property must be used in accordance with state and federal laws and must reflect the proper ownership of the intellectual property".

The Security Policy Cookbook is proof that we live in an era where content is effortless to obtain. Googling information security policy with filetype:pdf results in over 17,000 hits. That is a lot of content in which to freely use. The corollary is that those who try to claim such content as their own will just as easily be found.

Many people write books for the fame. Yet that fame turns into infamy when it is discovered that the author is a plagiarist.

'The Security Policy Cookbook' and like it 'How To Become The Worlds No. 1 Hacker' were both self-published, and therefore lack the editorial scrutiny which is to be expected from an established publishing house.

Richard O'Hanley, Publisher at CRC Press in the IT, Business & Security Group, notes that he has seen plagiarism as a steadily escalating problem. So much so, that they frequently run manuscripts through a plagiarism checker. O'Hanley said "it seems that just as people expect web content to be free, they expect to be able to use it freely as well, without concern for rights and attribution. The ease with which people can cut-and-paste from multiple sources only exacerbates the problem".

For those that want to write books on security, there is plenty of opportunity and numerous publishing houses that desperately want good content. Of course, such an approach takes time and effort. But the industry does reward such efforts.

Attempting to bypass those practices via plagiarism, especially in an industry where ethics and trust are paramount, ultimately begs the question: what was he thinking?


11 of 12 people found the following review helpful:
1.0 out of 5 stars Plagiarised..., August 20, 2010
This review is from: The Security Policy Cookbook: A Guide for IT and Security Professionals (Paperback)
If the Author can do it, I can do it too..

[...]

In the book, various policies are detailed, yet lack a sense of cohesiveness. It is as if the policies were simply thrown together in a haphazard manner, which is indeed evident in this book. Not the text of the policies are not ineffective, rather the cut and paste approach, which the author did, and advocates, is a surefire way to ensure that information policies won't work. Policy creation is just one part of an effective security policy project, and focusing strictly on the text of the policies is simply inadequate.



Of the book's 32 chapters, 20 were direct copies from State of Texas Department of Information Resources (DIR) Guidelines, Checklists & Templates. This book seems to follow the same course of action How To Become The Worlds No. 1 Hacker took, copy the content without attribution. For a complete list of the chapters and sources, see the listing at Attrition.

[...]

And copied from that site...

When Dr. Jahangiri was asked about the plagiarism, his e-mail response contained more interesting information along with more questions. He first responded that in the last 10 years, he had developed various policies for clients before saying that he subcontracted other companies in different countries to develop those documents. This makes it unclear if he and/or his company created the policies or if they were subcontracted from a third-party.

Jahangiri goes on to say that he purchased a set of policy templates in 2005 from a foreign company while he was busy on other engagements. He claims the set of documents included in that batch are the same ones found at the Texas Department of Information Resources and that he has the rights to use those purchased items. However, this claim seems bogus as some of the policies that were used had been published as early as 2002. Either the company he bought them from plagiarized, and he did not verify the material he received, or his claim is an outright lie.

Regardless of why, selling a book with 141 pages of security policies that are freely available on the Internet without disclosing where they came from (e.g., he hired a company to draft them, he collected them from the Internet) is fraud. Charging $49.95 for a print book of public material, and having the audacity to charge $150 for an electronic version is far from ethical.


1 of 12 people found the following review helpful:
4.0 out of 5 stars Best policy book I have read to date., May 19, 2010
Amazon Verified Purchase
This review is from: The Security Policy Cookbook: A Guide for IT and Security Professionals (Paperback)
I am currently in the process of updating our policies and this book has been a life saver. It may not be 1000 pages like some of the other books on policy but it is clear and concise just as policies should be. The author also has a web site where you can download the templates that are shown in the book. A real time saver...

I have also read his Live Hacking book and that too is very concise. I look forward to his next book.