DragonData.com - Welcome to Your.org
Domain Name: DRAGONDATA.COM Registrant: N/A Kevin Day P.O. Box 326. Round Lake Beach Illinois, 60073. US Tel. +1.3126281200. Creation Date: 03-Apr-1997 ...
whois.domaintools.com/dragondata.com
SecurityFocus Bugtraq: Re: Buffer overflow in mIRC allowing - Security
Feb 5, 2002 ... From: Kevin Day ([email protected]) ... restore the two or three default group policy security templates one by one. ...
www.derkeiler.com › ... › securityfocus › bugtraq › 2002-02
Inside the Security Mind: Making the Tough Decisions [Paperback]
Kevin Day (Author)
Product Description
Inside the Security Mind: Making the Tough Decisions, by security expert Kevin Day, teaches information officers how to think like a top security guru. Using real-world examples, Day explains how to reduce any security problem to a set of essential principles, making it easy to arrive at optimal solutions. Includes practical material on enterprise security issues and measures.
From the Back Cover
"This is a really good book ... it spells out the motherhood and apple pie of information security in a highly readable way."
—Warwick Ford, CTO, VeriSign, Inc.
"An excellent security read! Breaks down a complex concept into a simple and easy-to-understand concept."
—Vivek Shivananda, President
Redefine your organization's information security
Learn to think and act like a top security guru!
Understand the founding principles of security itself and make better decisions
Make your security solutions more effective, easily manageable, and less costly!
Make smarter, more informed security decisions for your company
Organizations today commit ever-increasing resources to information security, but are scarcely more secure than they were four or five years ago! By treating information security like an ordinary technological practice—that is, by throwing money, a handful of the latest technologies, and a lineup of gurus at the problem—they invariably wind up with expensive, but deeply flawed, solutions. The only way out of this trap is to change one's way of thinking about security: to grasp the reasoning, philosophy, and logic that underlie all successful security efforts.
In Inside the Security Mind: Making the Tough Decisions, security expert Kevin Day teaches you how to approach information security the way the top gurus do—as an art, rather than a collection of technologies. By applying this discipline, your solutions will be more secure and less burdensome in time, expense, and effort. The first part of the book explains the practice of breaking security decisions down into a set of simple rules. These rules may then be applied to make solid security decisions in almost any environment. In the second part, Day uses a series of practical examples to illustrate exactly how the discipline works in practice. Additional material covers:
Designing an enterprise security plan, including perimeter/firewall and internal defenses, application, system, and hardware security
Ongoing security measures—recurring audits, vulnerability maintenance, logging and monitoring, and incident response, plus risk assessment
Choosing between open source and proprietary solutions; and wired, wireless, and virtual private networks
This book is essential reading for anyone working to keep information secure. Technical and non-technical IT professionals alike can apply Day's concepts and strategies to become security gurus, while seasoned practitioners will benefit from the unique and effective presentation of the essential security practices.
Inside the Security Mind:
Making the Tough Decisions
Kevin Day
Prentice Hall 2003
ISBN 0-13-111829-3
Inside the Security Mind is an easy read geared for the novice as well as the seasoned pro. It starts with the basics and develops a good path to higher security concepts.
Well written with the focus on developing a good security program and implementing training, Inside the Security Mind will guide you through the steps necessary to allow you to define your security goals and policies. Inside the Security Mind was written with the premise in mind, best defined on page 283, which states:
"the evolution of security will not come through technology, but through awareness."
This book is great for helping to develop your own security and training policies and programs, including appendices complete with outlines and web resources to help set up basic computer security training classes within any organization and keep current with ongoing developments. Inside the Security Mind has comprehensive examples and comparisons throughout the text demonstrating how to define security guidelines and set rules by using risk and threat tables.
Written in simple layman's terms, Inside the Security Mind starts with an overview of the realities of computer security, including the positive and negative risks, and covers subjects such as:
Good guys and bad guys: who really is a hacker and who is not. The 4 types of common hackers, who they are, what they are usually targeting and the most common exploits used for attack.
Allows you to assess your necessary considerations, efforts, focus and education required to define your security policies and procedures.
Defines a set of eight necessary security rules and their implications, including the difficulties of granting and implementing these rules.
Demonstrates the effects of trust, change, access, weaknesses, separation, process, prevention, response and their integrated effects on security.
Displays common connection, networking and database vulnerabilities as well as operating and physical vulnerabilities and their relationships.
Shows how attacks can be chained (combined) and the effect of what chaining does.
Differentiates between criminal hackers and the more common garden-variety types
Demonstrates how to lower liabilities from outside the network
Defines security assessment models: how to define risks and threat assessment including traditional US relational security assessments
Displays audit measures and their relationship to acceptable risk assessment regarding perimeter and internal architectures
Shows current audit tools and the types of scans and why they are used
Defines standard defenses and their staffing considerations
How to use external vs. internal consultants and the truths about certifications
What security hazards associated with hardware-based security exist
How firewalls will and will not be useful to your defenses and why firewalls are not all that is needed.
What the perimeter, internal, physical, server/device, access, authentication and logging/monitoring considerations are and the unique characterizations of each in relation to hardware.
Defines the common defense points and the considerations needed to apply hardening
VPNs and when to use them and their security flaws
This book is a great guide to setting up or reviewing any data security program and will make a nice addition to any security officer's library.
D Bruce Curtis
American Interconnect Corp.