The New School of Information Security by Decius at 11:16 am EDT, Mar 16, 2008 |
Adam Shostack has a new book. Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.
This is interesting but the editorial review (quoted above) makes a lot of bold claims without explaining how those claims are met. I eagerly await further reviews and shorter articles written by the authors to promote their book... |
|
RE: The New School of Information Security by possibly noteworthy at 4:12 pm EDT, Mar 16, 2008 |
Possibly Noteworthy wrote: Adam Shostack has a new book.
Decius wrote: This is interesting but the editorial review makes a lot of bold claims without explaining how those claims are met. I eagerly await further reviews and shorter articles written by the authors to promote their book.
First, to clarify, the quoted text was the promo copy from the book jacket, not an independent editorial review.
Second, based on a prior comment, and since this book is published by Addison-Wesley, Acidus may be able to get an early review copy: "I've been exercising my new found privileges as an Addison-Wesley author (getting free books) ..."
(Then again, maybe not, since it was only last November that Acidus exclaimed, "Damn you Adam Shostack!!!")
Third, the Table of Contents may shed some light on the "how" you raised above. Beyond that, you can get a limited preview at O'Reilly, but after the introduction (which is also at Amazon), you get only little snippets of each page.
One of the authors (Andrew J. Stewart) offers several technical papers at his web site; another paper is Distributed Metastasis: A Computer Network Penetration Methodology, from 1999. Shostack recently wrote The Trouble with Threat Modeling, and at ShmooCon 2007 he gave a short talk entitled "Security Breaches Are Good for you." He gave a Blackhat presentation entitled Identity and Economics: Terrorism and Immigration. |
|
The New School of Information Security by possibly noteworthy at 7:12 am EDT, Mar 16, 2008 |
Adam Shostack has a new book. Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.
|
The New School of Information Security by Acidus at 8:03 am EDT, Mar 17, 2008 |
Why is information security so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security. It’s about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don’t just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you’re a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.
Go Adam! Congrats on getting this out the door! We can exchange signed copies at RSA. |