The CERT Guide to System and Network Security Practices should be a reference document on the bookshelf of SAs, ISOs, and DBAs who are serious about protecting their respective infrastructures. I might add that there is unfortunately precious little specific to RDBMS solutions resident in this tome, notwithstanding the paucity of material extant in the marketplace pertaining to RDBMS Infosec, so if you are looking for application...
Before I started working for a CERT team I bought this book to help familiarize myself with CERT procedures and policies. It has become a must-have reference for all the CERT members here. I showed my copy to my boss and he immediately ordered 24 more! I found section II (Intrusion Detection and Response) extremely straightforward and informative. There is a "no BS" approach to intrusion detection, there are no...
The five-step approach to securing and managing systems and assets that this book provides is a blueprint for a comprehensive and effective security program. What I found especially valuable is the fact that the complex task of developing, implementing and managing an effective security program is clearly outlined in this book. I also like the fact that the security exposures and techniques for dealing with them are based on...
After reading the CERT Guide to System and Network Security Practices, you may feel as if you've been speaking with your mother about computer security, as most of the advice detailed in the book is common sense. But, as Voltaire astutely noted, common sense is not so common. The truth is that there is really nothing new in this book that CERT (Computer Emergency Response Team...) has not been saying in one way or another...
This book contains a security approach that is based on the collective experience and statistical analysis of the CERT Coordination Center. The contents of this book are authoritative and well structured. Structure is based on a five layer (or step) approach to securing information assets that consists of 52 distinct practices. The layers correspond to stages in a process that encompasses (1) hardening and securing assets,...