Foreword
Let's think about what "security"
means for a moment. In many ways, life is about the perpetual struggle for security,
be it personal, physical, emotional, financial--you name it. Most of us work
at building and maintaining stable, secure relationships with the world
around us.
Unfortunately, humankind is not destined
to enjoy perfect security. Intuitively, we all understand that unpredictable
threats could arise at any moment. So, from the realist's point of view, security
has always been about mitigating risk--surviving the panoply of threats
our world throws at us. We see examples of risk mitigation in our daily lives--we
build houses in safe neighborhoods, put locks on our doors, drive the speed
limit, buy insurance--dozens of rituals that have become almost habitual,
encoded into our daily living.
We are truly practiced at risk management
in the physical world. Why, then, does the learning curve seem so steep when
we attempt to transfer these centuries of accumulated knowledge to the digital
universe? Maybe it is because our instincts do not serve us so well in the sensory
vacuum of packet-driven global communications networks. Or perhaps the old habits
are just taking time to translate into the new world (certainly, a dose of good
ol' horse sense could've saved some dot-coms from the market gyrations of the
early millennium). Or could we really have stumbled onto the need for a new
paradigm here--could the mindset that protected gold stored in ancient medieval
castles with moats and stone walls be altogether the wrong way to protect the
ethereal, fungible, barely tangible information that drives modern society?
If you've picked up Surviving Security:
How To Integrate People, Process, and Technology, then you are seeking a
way to secure the information and resources critical to your business. From
Wall Street to Main Street, information security is Priority Number One in the
new millennium, and rightfully so. I view the information encoded herein as
the latest chapter in humankind's perpetual struggle for a broader "security."
Indeed, most everything of tangible value in today's society is stored in digital
form somewhere (and a lot of the intangibles as well, some would argue). Without
the knowledge to defend our digital assets, we are lost, and the degree of our
potential loss grows larger every day as we pour the contents of our lives into
databases, PDAs, personal computers, Web servers, through routers, hubs, switches,
cell phones, gateways, copper, coax, the air itself...
Surviving Security
is a crash course in all of the things that we should be doing in cyberspace
that don't come naturally to most of us. It is a soup-to-nuts portrayal of how
to do security right, from an experienced practitioner of digital security in
real-world environments. I know this because I've worked with Mandy Andress
in more than a few of those environments, and continue to collaborate with her
in the world of IT security. She's "been there, done that" in the
industry parlance, and she's written a great deal of it down in this book to
the benefit of her readers.
Perhaps the best thing about this book, though, is that it's timely.
Mandy hasn't written just another cookbook recitation of the basics of security;
she has built a comprehensive structure on sound principles and extended it
with her intimate knowledge of exciting new technology, garnered from her own
extensive security experience. And she has seasoned it well with the good business
sense you would expect from someone who has survived as an IT staffer at a Fortune
500 firm, consultant for a Big X audit house, Chief Information Security Officer
for a budding technology firm, and as an entrepreneur who has started and succeeded
in building her own technology consultancy. I see few, if any, other titles
on the shelves that can match this volume of experience and expertise in such
a concise, lucidly written, and easy to read package.
So what are you waiting for? Turn the page
and start learning how to think like an IT security survivor before you become
the next target.
--Joel Scambray, July, 2001
Co-author, Hacking Exposed
Joel Scambray is managing principal at Foundstone,
Inc. He is co-author of the international best-seller Hacking Exposed,
the definitive exposé of the tools and techniques hackers
use to penetrate computer security. He has written on security for
Microsoft's TechNet and InfoWorld Magazine over the past several
years, while consulting for Fortune 500 firms and promoting security
in speaking engagements and training seminars on behalf of Foundstone,
the Computer Security Institute, SANS, and the MIS Training Institute.