11/26/2007

book Network security assessment by Steve Manzuik

Network Security Assessment by Steve Manzuik, Ken Pfeil and Andre Gold, published by Syngress (2007), is a book that more or less does what its subtitle says: it gives you a kind of rogue methodology - procedure to go from vulnerability to patch. The subtitle should therefore be the title, because a software vulnerability assessment is not a network security assessment. A network can be insecure for hundreds of reasons; software vulnerabilities are only one of them and are not always the most important ones.

I also somehow have the feeling that the book could have had far fewer pages, and that at the end they were just repeating themselves or giving information that should have gone online (index of software distributors). The same problem applies to the description of the software tools that they have selected for vulnerability or patch management. You can't describe in a book in detail how a tool works, because by the time the book is published the software has changed or isn't even available anymore. There should have been more information about how to set up scans and rescans and about methodological tracking of the situation on the net, on the firewall and on your network.

It is a good book to start with if you don't have a clue how to set up an inventory, start a vulnerability scan and plan your patch management, but you will have to buy a few more books to have a network security assessment.

Belsec is not linked to any publisher or online bookseller.

16:40

11/23/2007

ITsecurity project management by snedaker and rogers

This book by Susan Snedaker and Russ Rogers was published in 2006 and is quite thick.

After having read the book twice I still have mixed feelings about it. On the one hand it has given a lot of practical information and guidelines that weren't as concise or were too detailed in other books, but on the other hand I am still not sure I have a good, complete book about IT security project management. I presume it is not easy to write a book about IT security project management without losing half the book to explanations and guidelines for securing your network, but on the other hand a book about IT security project management should have gone deeper into the project management part of its title.

The book is a very good book for those who are more or less new to the field or are looking for an eagle-view book instead of those hyperpractical and limited books that are being published like bread. It is not a good book for someone who wants a handbook from A to Z if he wants to go through IT security management without consultants and more reading. As an introduction to it, it is quite a nice read.

The other limitation of this book - and that is a bit silly in these networked times - is that there is not one chapter that takes into account the European laws and guidelines. Maybe it is for the future, but changing a few chapters depending on your continent or country wouldn't be too much to ask. But I have to say, the American laws are quite interesting - not to say fascinating - for us Europeans who have nothing comparable yet.

Belsec is not affiliated with any bookshop or publisher.

16:46

11/22/2007

where to find more free IT books

You can find free IT and other books here - but only as long as the links work, of course - there is no warez or rapidshare kind of stuff. It is all on sites that claim they control the copyrights of the uploaded stuff.

http://ebooks.skynetblogs.be

It has an RSS feed.

12:46

11/21/2007

a massive free library of belgian security and encryption research

First of all I want to thank the professors and students for making this research available for download and reading. Many other universities and researchers try to get money out of it and sell their publicly financed research as if it belongs only to their pockets. Respect for that. (my personal opinion - remember belsec has no official belsec opinions - belsec is a platform)

You will find a list of publications organised by year here, and then you choose the year.

http://www.cosic.esat.kuleuven.be/publications/static/ 

As a reminder, belsec is available to distribute and announce free research and publications as long as they aren't advertorials (the so-called white papers section).

10:34

11/12/2007

Thesis online about Belgian cybercrime legislation

Dutch-language thesis about cybercrime 2002

and especially the Belgian cybercrime legislation

http://www.ethesis.net/cybercrime/cybercrime_inhoud.htm

21:50

European ICT security Norms published

This report has been drawn up by a team of experts who were contracted by CEN, under the technical supervision of the NISSG, the relevant sub-group of the ICT Standards Board. The report was approved by the NISSG meeting on 21 March 2007. The ISSS Forum confirmed the report through an electronic process that ended on 11 May 2007. This report, or extracts from it, may be reproduced in other publications provided the source is acknowledged.

The report is available in pdf format as well as on line (see Table of contents below).

Comments should be sent to the NISSG Secretary, using the form herewith.

Editorial comments will be implemented directly.
Substantial comments will be discussed by NISSG at its meetings and appropriate action will be decided.
A log of changes is available from this site (see above) for the sake of transparency till such time the NISSG decides to issue a revised report.

More documents and norms http://www.ict.etsi.org/NISSG_home.htm

 

09:46