There is very little original thinking or detailed analysis in "Tangled Web." It is a pastiche of sound bites from security experts who are associates of the author. Chapter 2 goes a bit beyond sound bites, but it is still a rehash of other sources, and anyone who is moderately well-read in infosec will find that they have already been over all of this ground.
In addition to the quotes and sound bites, the author makes extensive use of the CSI/FBI survey (Power is the inspiration and driving force behind it). This study was conducted within a self-selecting audience that was expected to ESTIMATE the cost and frequency of the attacks they believe their organization experienced. It may be the best information we have, but it does not really represent a scientifically rigorous survey that can be accepted as providing an accurate understanding of the true cost or extent of computer crime. It looks impressive, but it is also designed to support the common agenda of Power's organization (the Computer Security Institute), and the FBI. Certainly the material is not intended to discourage people from attending CSI workshops.
Besides the lack of rigor in the much-quoted survey, the constant exaggeration of the monetary cost of hack-attack damages is misleading. Power delves into the pseudo-scientific again by using 7 significant figures to report on estimated costs of hacking sprees. I'm no fan of Mitnick, but quoting the inflated loss estimates provided by his victims does not make them fact. I think highly of Marcus Ranum, but he's hardly a cost accountant, so I question using his financial estimates on how much a hack attack costs a victim. To be fair, Power does follow the Ranum interview with an interview of an experienced accountant, but the fact is that nobody has any idea what the cost of information security failures really is.
If you are familiar with the CSI newsletter, you'll recognize the author's hand in this book--lots of quick anecdotes about bad things happening to good people, but no analysis. The writing follows this same newsletter writing style. Short sentences. Really short paragraphs. I find this writing style distracting, but it is a matter of personal preference, and it matches the material. This is a book that is easy to read in short bursts, which will be advantageous if you don't have a lot of time to spend on this subject.
This is a good book for an executive or neophyte who wants to read a single book that helps them understand the current nature of Internet crime, provides them a quick exposure to some of the personalities and philosophies of some prominent infocrime fighters, and concludes with solid suggestions on what needs to be done. But if you want to be a specialist in information security, then you need to read books with greater depth than this one.
This is not a meaty tome, it contains no original ideas, and the reported cost of Internet attacks is not substantiated. However, it is a quick and interesting read if you are curious and only have time for a single book.
Download the free Kindle app and start reading Kindle books instantly on your smartphone, tablet, or computer - no Kindle device required.
Read instantly on your browser with Kindle for Web.
Using your mobile phone camera - scan the code below and download the Kindle app.
Popular titles by this author
Page 1 of 1 Start overPage 1 of 1
About the author
