Slashdot: Intrusion Detection [Book Review]Jan 27, 2000, 18:45 (0 Talkback[s])
(Other stories by Disgruntled Goat)
"Security books, quite frankly, are pretty much a dime a dozen, most of which are written by people in IT field security. What immediately separates this book from the rest is the background of the author. Ms. Bace is an ex-government employee, spending 12 years in everyone's favorite spook organization, the National Security Agency. She led the Computer Misuse and Anonmaly Detection (CMAD) Research Program for six years at the NSA. She also collaborated on Computer Crime : A Crimefighter's Handbook by Dr. David Icove of the FBI. She also won the Distinguished Leadership Award in 1995 from the NSA."
"This book is sort of dry reading. It's akin to reading college CS textbooks for pleasure. Or law books. What I didn't like is the fact that she wasn't real clear on the distinction of "hackers", nor how she describes them. She worries that "hackers" wish to "corrupt the trust process". And the focus for the book is not primarily for techies. It's designed for CIO smacking...."
"What made this good for me was the fact that I could have points to show to management for InfoSec issues. I work in a hospital and we tend to attract a large amount of famous people as patients. If something damaging was leaked to the media about a famous person's medical condition that was potentially embarassing, we're looking at a good multi-million dollar lawsuit. This book isn't a by-the-book "How to protect your systems", but more of a book on what to safeguard, and how to detect patterns that may indicate patterns of unauthorized usage."