Inside the Security Mind

Inside the Security Mind : Making the Tough Decisions

4.6 (5 ratings by Goodreads)
By (author) 

Free delivery worldwide

Available. Dispatched from the UK in 3 business days
When will my order arrive?


Despite all the recent advances in security technologies and a barrage of new products, most organizations are only slightly more secure than they were 4 or 5 years ago. While companies are running to the latest security technology, they are missing the understanding of the whys and hows of security on a macro level. This book bridges that gap. If you work in a medium to large firm and need to develop a comprehensive security plan for your company, you need to understand how these technologies and products fit into the big picture. You need to be able to make decisions about which technologies to select and where/how they should be deployed in a cost efficient manner. The first half of the book breaks down security decisions into a set of simple rules that allow one to analyze a security problem and make decisions in almost any environment. The second half of the book applies the rules to making decisions about a security plan for the entire enterprise covering perimeter/firewall security, application security, system and hardware security as well as on-going security measures such as recurring audits, logging and monitoring, and incident response. Day also includes sections on choosing between open source and proprietary security options; wired, wireless, and VPNs; and an entire section devoted to risk assessment.
show more

Product details

  • Hardback | 336 pages
  • 176 x 234 x 23mm | 630g
  • Prentice Hall
  • Upper Saddle River, United States
  • English
  • 0131118293
  • 9780131118294

Back cover copy

"This is a really good book ... it spells out the motherhood and apple pie of information security in a highly readable way." --Warwick Ford, CTO, VeriSign, Inc.

"An excellent security read! Breaks down a complex concept into a simple and easy-to-understand concept." --Vivek Shivananda, President

Redefine your organization's information securityLearn to think and act like a top security guru! Understand the founding principles of security itself and make better decisionsMake your security solutions more effective, easily manageable, and less costly! Make smarter, more informed security decisions for your companyOrganizations today commit ever-increasing resources to information security, but are scarcely more secure than they were four or five years ago! By treating information security like an ordinary technological practice--that is, by throwing money, a handful of the latest technologies, and a lineup of gurus at the problem--they invariably wind up with expensive, but deeply flawed, solutions. The only way out of this trap is to change one's way of thinking about security: to grasp the reasoning, philosophy, and logic that underlie all successful security efforts.In Inside the Security Mind: Making the Tough Decisions, security expert Kevin Day teaches you how to approach information security the way the top gurus do--as an art, rather than a collection of technologies. By applying this discipline, your solutions will be more secure and less burdensome in time, expense, and effort. The first part of the book explains the practice of breaking security decisions down into a set of simple rules. These rules may then be applied to make solid security decisions in almost any environment. In the second part, Day uses a series of practical examples to illustrate exactly how the discipline works in practice. Additional material covers:

Designing an enterprise security plan, including perimeter/firewall and Internal defenses, application, system, and hardware securityOngoing security measures--recurring audits, vulnerability maintenance, logging and monitoring, and incident response, plus risk assessmentChoosing between open source and proprietary solutions; and wired, wireless, and virtual private networks This book is essential reading for anyone working to keep information secure. Technical and non-technical IT professionals alike can apply Day's concepts and strategies to become security gurus, while seasoned practitioners will benefit from the unique and effective presentation of the essential security practices.
show more

Table of contents



1. Introduction.

The Security Mind. Where Do We Start? Where Does It End?

2. A New Look at Information Security.

Security as an Art Form. What We Know About Security. Understanding the Fear Factor. How to Successfully Implement and Manage Security.

3. The Four Virtues of Security.

Introduction to the Virtues. The Virtue of Daily Consideration. The Virtue of Community Effort. The Virtue of Higher Focus. The Virtue of Education. Using These Virtues.

4. The Eight Rules of Security (Components of All Security Decisions).

Introduction to the Rules. Rule of Least Privilege. Rule of Change. Rule of Trust. Rule of the Weakest Link. Rule of Separation. Rule of the Three-Fold Process. Rule of Preventative Action (Proactive Security). Rule of Immediate and Proper Response. Incorporating the Rules.

5. Developing a Higher Security Mind.

The Art of Higher Security. Thinking in Zones. Creating Chokepoints. Layering Security. Working in Stillness. Understanding Relational Security. Understanding Secretless Security. Dividing Responsibilities. Failing Securely.

6. Making Security Decisions.

Using the Rules to Make a Decision. The Decision-Making Process. Example Decision.

7. Know Thy Enemy and Know Thyself.

Understanding the Modern Hacker. Where Modern Vulnerabilities Exist. Modern Targets. Modern Exploits. Neglecting the Rules: A Hacker's Tale. Creating Your Own Security Profile. Becoming Invisible to Your Enemies.

8. Practical Security Assessments.

The Importance of a Security Audit. Understanding Risks and Threats. The Traditional Security Assessment Model. The Relational Security Assessment Model. Relational Security Assessment Model: Risks. Relational Security Assessment Model: Controls. Relational Security Assessment Model: Tactical Audit Process. Analytical Audit Measures. Additional Audit Considerations.

9. The Security Staff.

Building a Successful Security Team. Bringing in Security Consultants. Outsourcing Security Maintenance.

10. Modern Considerations.

Using Standard Defenses. Open Source vs. Closed Source Security. Wireless Networks. Encryption. Virtual Private Networking.

11. The Rules in Practice.

Practicing the Rules. Perimeter Defenses. Internal Defenses. Physical Defenses. Direct Object Defenses. Outbound Internet Access. Logging and Monitoring. Handling Authentication.

12. Going Forward.

The Future of Information Security.

Appendix A. Tips on Keeping Up-to-Date.

Appendix B. Ideas for Training.

Appendix C. Additional Recommended Audit Practices.

Appendix D. Recommended Reading.

Appendix E. The Hidden Statistics of Information Security.

show more

About Kevin Day

KEVIN DAY is a CISSP and has worked as the lead security engineer and security practice manager fora major East Coast consulting firm. In these positions, Day worked on a series of high-profileprojects for Fortune 500 companies and government organizations. He is the founder of theRelational Security Corporation and currently heads up a joint venture developing new tools andmethodologies security risk assessment and auditing.
show more

Rating details

5 ratings
4.6 out of 5 stars
5 60% (3)
4 40% (2)
3 0% (0)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X