We have 15 guests and no members online
Book Title: Computer Incident Response and Product Security
Author: Damir Rajnovic
Publisher: CISCO Press
Date of Publishing: December 2010
Price (UK&US price – full price, not discounted price): £36.99, $59.99
URL of Publisher Site: CISCO Press
URL of Amazon UK web page: Network Security Incident Response (Networking Technology: Security)
URL of Amazon US web page: Amazon.com
I have been involved in security for over 30 years, starting in physical security and then moving into IT security and have read a number of Incident Management books as well as being involved in creating incident response teams, both in the commercial and military sectors. I found this book offers a good framework for Incident Management and even though, at first, I was sceptical as to why product security was covered in this book, I found the way the author has written it provided a very logical progression into the product security chapters. This was actually very informative.
The book is not big, consisting of 225 pages spread over 13 chapters with a logical flow in terms of structure, but it is caught between being an overview and a comprehensive guide. This means that quite often, you’ll find yourself wishing there was more detail on some subjects and less on others. There is a distinct tendency to cover some aspects in greater depth than others, especially on the technology side, whilst ignoring some of the softer subject areas. However, that being said, it does not detract too much from the value of the book, which does actually provide an in-the-middle-view of Incident Management. It’s a good book for beginners and an excellent refresher for those who have done it before.
There are some key messages within the book around communications, especially with third parties, which are useful throughout business and not specifically for Incident Management. The other aspect I believe would be useful, especially for executives, is the importance of budget and management support, without which Incident Management cannot happen. The author provides a number of options on how to formulate and structure an incident response team, which provides the reader with an incentive to investigate the subject further; there is no one-size-fits-all when it comes to Incident Management.
The product security chapters were interesting and provided some insight into the large security vendors without being vendor specific. This was a pleasant surprise, given the book is published by Cisco Press. The information provided in these chapters would be useful for any security manager as it covered key topics that warrant further research.
I found that this book would make an excellent reference for creating an Incident Management checklist as it covers all the key areas that need to be included in any good Incident Response team. The principles laid out by the author are not only valuable for security incident management but also for other non-security incidents.
One thing I’d say that was missing, however, was that if a future edition was to include a process flow or step-by-step implementation plan to handle incidents, this would have added significant value as it would have provided a ‘cheat sheet’ to follow in your business.
The book should be recommended reading for companies wishing to start Incident Management. However, the book has wider appeal and should also be read by senior/executive management as it provides good practice and excellent business reasons for creating a team to handle incidents. The book is small enough to make it a handy guide to Incident Response.
Marks: 4 out of 5