Zen and the Art of Information Security [Paperback]

Ira Winkler (Author)

Book Description

Publication Date: March 1, 2007 | ISBN-10: 1597491683 | ISBN-13: 978-1597491686 | Edition: 1

While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

*Written by an internationally renowned author of "Spies Among Us" who travels the world making security presentations to tens of thousands of people a year
* This short and concise book is specifically for the business, consumer, and technical user short on time but looking for the latest information along with reader friendly analogies
* Describes the REAL security threats that you have to worry about, and more importantly, what to do about them

Editorial Reviews

From the Back Cover

While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well received international presentations.

About the Author

Ira Winkler, CISSP is President of the Internet Security Advisors Group. He is considered one of the world's most influential security professionals, and has been named a "Modern Day James Bond" by the media. He obtained this status by identifying common trends in the way information and computer systems are compromised. He did this by performing penetration tests, where he physically and technically "broke into" some of the largest companies in the World and investigating crimes against them, and telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these penetration tests, as well as assisting organizations in developing cost effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association. Ira is also author of the riveting, entertaining, and educational book, Spies Among Us. He is also a regular contributor to ComputerWorld.com. Mr. Winkler began his career at the National Security Agency, where he served as an Intelligence and Computer Systems Analyst. He moved onto support other US and overseas government military and intelligence agencies. After leaving government service, he went on to serve as President of the Internet Security Advisors Group and Director of Technology of the National Computer Security Association. He was also on the Graduate and Undergraduate faculties of the Johns Hopkins University and the University of Maryland. Mr. Winkler has also written the book Corporate Espionage, which has been described as the bible of the Information Security field, and the bestselling Through the Eyes of the Enemy. Both books address the threats that companies face protecting their information. He has also written over 100 professional and trade articles. He has been featured and frequently appears on TV on every continent. He has also been featured in magazines and newspapers including Forbes, USA Today, Wall Street Journal,

Product Details

• Paperback: 192 pages
• Publisher: Syngress; 1 edition (March 1, 2007)
• Language: English
• ISBN-10: 1597491683
• ISBN-13: 978-1597491686
• Product Dimensions: 8.5 x 7 x 0.7 inches
• Shipping Weight: 10.4 ounces (View shipping rates and policies)
• Average Customer Review: 2.5 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #820,569 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

15 of 15 people found the following review helpful:

3.0 out of 5 stars Ideal for naive newcomers to information security, June 9, 2007

By 

Dr. G. Hinson "Gary" (New Zealand) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Zen and the Art of Information Security (Paperback)

The book is written for naive computer users with limited prior knowledge of information security. Readers familiar with Ira's previous books (Corporate Espionage and Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day) will probably recognize the style and examples. Ira avoids technical descriptions of information security risks and controls, thereby avoiding the technical jargon common in other infosec books. On the whole, he sticks to non-technical attack methods (such as social engineering) and defenses, with barely a mention of network hacking and malware. The subject matter is essentially the same as Ira's previous books so it could be said that this is another re-hash of those - however, Ira has made a conscious decision to write a more succinct and high-level book to make the topic more accessible to the layman who is less likely to have read the previous books. Given the stated intent to write a short book on such a complex technical subject, the writing is necessarily quite superficial in places, frequently glossing over the realities.

Two threads throughout the book are (1) it is necessary to understand security risks and (2) simple security controls are good enough to stop most threats. The Zen in the title appears to refer to martial arts rather than Eastern philosophies, and is used in the context of explaining that there is no need to be a `black belt' information security expert to be effective. There is some merit in the argument, in the same way that basic first aid techniques can help save lives. Personally, however, I wouldn't take the argument so far as to suggest that there is no need for trained professional medics.

A few technical inaccuracies caught my eye, some of which I could put down to the book's rather superficial coverage but others appear to be genuine misunderstandings by the author. In several places, the author makes disparaging remarks about script kiddies, fair enough, but he is also dismissive of skilled hackers. I find this attitude troubling since hackers can be worthy adversaries of even the best and most resourceful information security managers. There are far too many incidents to dismiss all hackers out of hand, therefore it would be foolhardy to discount hacking risks.

If you have no background in information security, this book makes an interesting introduction to the issues but falls short on useful advice. If you have read the author's previous books, you are unlikely to learn anything new.

1 of 1 people found the following review helpful:

2.0 out of 5 stars Common sense, September 28, 2010

By 

R. Church (Fairfax, VA United States) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Zen and the Art of Information Security (Paperback)

From page 1, this book strikes me as essentially a summary of common sense, while the author is continually condescending.

However, in one chapter, he actually misses the point completely--he states that asking "what percentage of an IT budget should go to security" is a "bad question". That's actually an incredibly difficult question that changes from business to business and requires detailed analysis in every situation.