Network Security Evaluation

Russ Rogers et al

Publisher Elsevier
ISBN 978-1-59749-035-1
RRP $59.95
Reviewed by Jim McGhie CEng, MBCS, senior consultant, LogicaCMG UK
Score 8 out of 10

Russ Rogers has done a fine job as the book's technical editor in pulling together and explaining the key aspects of security assessment and security evaluation.

Network Security Evaluation provides a comprehensive and practical methodology for conducting technical security evaluations for all the critical components of a target network.

The first task any serious reader has to face, however, is getting to grips with the acronyms, of which there are many, particularly at the beginning of the book. Missing is a glossary of terms, which would undoubtedly assist anyone unfamiliar with the American terminology used in the book.

The book guides the reader through a step-by-step framework aimed at achieving a thorough evaluation of any network architecture. It has been built up from the numerous contributors' security knowledge, experience and repeated practical application of the process.

Starting with the customer's information and postponing the use of technical tools until later in the process ensures that the results achieved are relevant to the client's situation. It also guards against the delivery of a boilerplate report which may or may not directly improve the client's network security.

The book also provides an understanding of how legislation, industry regulation and legal issues, addressed by the former deputy legal adviser to Condoleezza Rice, could affect the client and impact the evaluation. However, since this is a book primarily targeted at an American readership, not all of this information is applicable outside the USA.

Although aimed primarily at information security professionals, the book contains valuable information and guidance for project managers faced with working alongside security staff as part of a wider project with responsibility for obtaining system security accreditation or acceptance. The framework provides a way for both the consultancy provider and the customer to monitor and track progress of the assessment and evaluation.

I have no hesitation in awarding the book eight of ten for its practical approach, treatment of the subject matter and comprehensive coverage of the material it contains.

Further information: Elsevier