Cyber Attacks

E. Amoroso

Published by

Butterworth-Heinemann

ISBN

9780123918550

RRP

£42.99

Reviewed by

Nick Dunn MBCS CITP

Score

8 out of 10

The field of information security has vast numbers of technical books covering incident response, penetration testing and network defence. There is also a small but growing number of books taking a higher-level management approach to defending enterprise scale systems.

This book sits in the second category and is described as the ‘Student Edition’, having several exercises to complete at the end of each chapter. It is not stated what level of student or type of course the book is intended for and it could quite feasibly function as a course text for either a module of a BSc course or a self-contained corporate training course.

The book puts forward a good set of high-level principles for protecting enterprise scale assets against cyber-attack, which provide the necessary formal, rigorous approach for anyone holding ultimate responsibility in this area.

The treatment of these topics is conceptual rather than technical with minimal discussion of implementation, although this is understandable enough as there will be considerable variation between different enterprises and systems in practice.

The non-technical approach may frustrate readers who are looking for guidance on implementing security. Suggestions that are given a short high-level description and justification would require considerable technical resources and implementation time and in some cases cast doubt on the author’s technical knowledge, or at least on their sense of pragmatism.

One notable example is the suggestion of implementing a honey-pot as part of a web application and its production infrastructure in order to divert attacks on the application to a safe containment area. While this sounds fine in principle, the technical implementation and its associated risks are another matter entirely.

It is also easy to imagine the difficulties in getting buy-in from technical staff to implement this, not to mention the difficulty in finding staff that are actually capable of carrying out such a task.

While the high price is likely to put off a number of casual readers, this is an excellent introduction or high-level guide for anyone involved in the management of infrastructure security or learning the basic principles of enterprise information security.

Further information: Butterworth-Heinemann

May 2012