Hello all,
I think Rich has a good question, but I freely admit to gaining my security knowledge from multiple sources, so I can't give you a good answer for that "one key book". I think the primary difficulty is that security can affect so many aspects of business in a networked environment that it's hard to create an overview without making assumptions about how much your audience already knows. Security itself is a broad field: do a Google search on "Security for Beginners" and you get hits for network, internet, linux, and other beginner guides...
I have read good reviews of Network Security for Dummies, but some reviewers feel that a basic knowledge of networking is still needed to get the most out of this book. Network Security: a Beginner's Guide also gets good reviews, and praise for not talking down to the audience. It also starts with a fairly large glossary of networking terms defined, which can make it a tough read (since no one likes to read a dictionary, no matter how necessary it may be.) Either of them might make a good choice, provided your manager has some level of technology understanding.
While I wouldn't recommend it to any managers, I am quite fond of Security+ Certification Passport, part of the Passport series by Mike Meyers (no, not the Austin Powers guy!). You need some technical background to read it, but it covers a broad area of security issues and concerns (including physical security, social engineering, and types of attacks). For a sysadmin wanting a broad overview of the field, whether or not you are seeking certification, this book covers a lot of ground quickly in some amount of detail. It won't answer all your questions on any given security topic, but it will show you just how broad the general area of "security" is in IT environments.
Anyone other thoughts on this subject? If someone has a good book to recommend, I'd love to hear about it.
John A. Resotko
Head of Systems Administration
MSU - Detroit College of Law
208 Law College Building
East Lansing, MI 48824-1300
email:
[log in to unmask]Phone: 517-432-6836
Fax: 517-432-6861
>>> Rich Wiggins <
[log in to unmask]> 12/12/2003 10:37:39 AM >>>
If you could hand your boss one book to read on computer and network
security, what would you pick? When Lou Rosenfeld reviewed Steve
Krug's "Don't Make Me Think" he said it was the one indispensable
book to give to your manager if you are a Webmaster.
Is there one favority Web site you'd refer your management to?
(Of course security.msu.edu is assumed. :-) )
Please reply privately to me unless you feel the info would be
useful to the group.
Thanks,
/rich
