
Product: Book - Paperback
Title: Information Security Risk Analysis
Publisher: Auerbach Publications
Authors: Thomas R. Peltier
Rating: 5/5
Customer opinion - 5 stars out of 5
Superb book - explains the details

This is an excellent introduction to risk analysis in general and a highly effective guide for conducting a security risk analysis.
Of the 281 pages in this book, 156 pages are devoted to the seven chapters comprising the "how to" and case study, with the remaining pages allocated to six highly valuable appendices.
Chapter 1, Effective Risk Analysis, starts the book by discussing risk analysis in general, including common approaches, and leads into the author's approach. The next chapter covers qualitative risk analysis, followed by a chapter on value analysis. By this point it's clear that the author's philosophy is to capture major risks, cost data and develop impact without getting bogged down in complex methods. I liked chapter 4, which discusses other qualitative methods, their strengths and weaknesses, which adds context to the heart of this book: Chapter 5, Facilitated Risk Analysis Process. In a nutshell, this approach involves all stakeholders and spreads the responsibility and accountability for identifying, analyzing and prioritizing risks. This is as it should be because security should be everyone's job, and the stakeholders (led by subject matter experts) are the best source of authority for making trade-offs and allocating resources to ensure the degree of security that consensus dictates. Since security is, in part, a function of trade-offs, the Facilitated Analysis Risk Process proposed by the author is an effective and essential process supporting security. Chapter 6 covers other uses of qualitative risk analysis, and is thought-provoking and informative. The case study in chapter 7 ties together the preceding chapters and concludes the text on risk analysis.
The appendices are, in my opinion, invaluable. Like a previous reviewer I lament the fact that the tables and forms were not included in electronic format, but this is a minor quibble on my part. Appendix A is a comprehensive, 25-page questionnaire that covers every facet of security risks. Appendix B contains a reproduction of every form associated with the Facilitated Risk Analysis Process (Scope/Business Process Identification, Action Plan, Final Report, Controls List, Risk List and Controls/Risk Cross-Reference List). Business Impact Analysis forms are provided in Appendix C, and a sample report is provided in Appendix D. Threat definitions are provided in Appendix E, and three short papers authored by other experts giving other opinions of risk analysis are the subject of Appendix F.
Overall this is a highly focused book that should not be ignored by anyone who is responsible for security, business continuity or disaster recovery planning. Even if you are more apt to use quantitative methods instead of the qualitative methods proposed by the author, this book is still an important work on security risk analysis. The appendices alone are worth the price of the book.

Product: Book - Paperback
Title: Security Warrior
Publisher: O'Reilly
Authors: Cyrus Peikari, Anton Chuvakin
Rating: 5/5
Customer opinion - 5 stars out of 5
Excellent Coverage

This book is definitely an excellent resource for a very broad range of security related issues. In spite of its large coverage, it is very technical. The authors take you from assembly level reverse engineering to much higher level SQL code injection; the book is a must in every geek's bookshelf.

Product: Book - Paperback
Title: MCAD/MCSD Training Guide (70-306): Developing and Implementing Windows-Based Applications with Visual Basic.NET and Visual Studio.NET
Publisher: Que
Authors: Mike Gunderloy
Rating: 5/5
Customer opinion - 5 stars out of 5
Best book on this topic

This is by far the best VB.NET study guide on the market. It's thorough, has great exercises and sample questions, and is sufficiently detailed to help you pass the exam.
I did find a couple typos and wrong answers in the book, but every time I emailed the author for clarification I got a response back within 24 hours. This is one of the best study guides I've seen, not just on the subject of VB.NET, but in general.

Product: Book - Hardcover
Title: High-Speed Digital System Design: A Handbook of Interconnect Theory and Design Practices
Publisher: Wiley-IEEE Press
Authors: Stephen H. Hall, Garrett W. Hall, James A. McCall
Rating: 4/5
Customer opinion - 4 stars out of 5
Excellent... even too much!

This book gives an excellent review of transmission theory, with real-world examples from the PCB industry. Also several useful rules of thumb are provided. The design methodology presented is really focussed on computer motherboards and board-CPU codesign and does not always apply to other kinds of high-speed designs. Moreover, the techniques proposed in the book are sometimes excessive for small teams.