The Process of Network Security: Designing and Managing a Safe Network

I got this book and I am happy that I bought it. Read it twice - gives really practical advise on security issues. It will walk you thru' office politics and gives new perspective on system security. It also helped me with my CISSP study. If you are responsible for your company's IT security, this is a must have book for your security library. ...CISSP, MCSE, CCNA

Mr. Wadlow has written a truly useful book that sorts out the many facets of security and recasts them into a complete and straightforward approach to implementing an effective security organization. The only thing I found wrong with this book is the title because the approach is not confined to network security. This book serves as a model for all IT security, and can be applied to data centers, servers and the other components of a large, complex IT suite.He starts out with the foundation, writing a security policy, and offers excellent advice on how to go about this important task. Policy writing is an art and a science, and it is apparent that Mr. Wadlow knows his stuff here. An ambiguously worded or unenforceable policy is next to worthless and he shows how to avoid both of those pitfalls.I liked the chapter titled "Who is Attacking You?" because it forces you to carefully consider threats and exposures, which is the first step towards crafting a plan for dealing with them. I also liked the chapter on the security design process because it is methodical and repeatable. One of the difficulties in developing an encompassing security approach is driving the stake into the ground, and the process given shows just where to drive it and how to proceed from there. This is a good prelude to the chapter on building a security team, which proposes a sensible structure and completely addresses requirements. The chapters on the technical aspects, such as fortifying network components, physical security, and network monitoring and auditing are true best practices and can be modified to fit other areas of IT (as mentioned at the beginning of this review).As a consultant I particularly liked the chapter that addresses quantifying the value of security. However, this is not only for consultants - security is expensive and requires both dedication and resources, both of which are costly. This material goes a long way towards building a compelling business case for an effective security posture and for proving its ongoing value to management who might think of it as a necessary evil that sucks up more budget share than it is worth. When faced with the wild world of attackers and the internal bean counters it is sometimes difficult to determine who the real enemy is :-)The book ends with excellent chapters on preparing for an attack, handling it and analyzing the aftermath for lessons learned and future preventive measures to incorporate. Overall, this section is the life cycle of an incident and should be carefully read.I obviously like this book a lot. I think it provides a structure and method for designing and implementing a sound and effective security strategy. Moreover, the approach can easily be expanded to encompass off of IT, making this book all the more valuable. I strongly recommend and would give it more than 5 stars if I could.

I teach computer systems management to students here at Harvard University. Every day someone asks me a question that is answered in Mr. Wadlow's book. Here he explains the way to *_think_* about computer security - before you implement any solution. For anyone who has to design a secure computing infrastructure, Mr. Wadlow's book is the book for you! The art of Computing Security has been made clear by Mr. Wadlow's thoughtful discussions of the trade offs. Every manager of computing professionals should read this book. Mr. Wadlow's writing style is entertaining and informative. Spend a morning with this book and your afternoon will be very productive.

Wadlow's _The Process of Network Security: Designing and Managing a Safe Network_ may set a new standard for presenting information about the policies, procedures and designs required to build and operate secure networks.This book contains a plethora top-notch information about secure computer network design and it thoroughly details the policies, standard operating procedures and day-to-day operations and maintenance of a secure network.But also it comes as a pleasant surprise that this book's content does not operate in a void: it includes well thought out information about how to be a network security manager and how his/her staff can peacefully exist within a business organization.Lastly, and perhaps most importantly, this book presents boiler plate information and illustrations which allow the reader to begin securing his/her computer network quickly.

Wadlow's new book is full of sage and useful guidance for medium to large organizations that are completely dependent upon the Internet. Intended mainly for the chief security officer, or the administrator responsible for information protection, this book is not so much about technology as it is about how to apply technology. It clearly describes how to effectively configure and administer your information systems and your staff in order to prevent security incidents and, when the inevitable does happen, to recover as quickly and completely as possible.With 20 years of relevant experience, the author has done some deep thinking on this subject. As an example, he lists 27 different job functions performed by the security team. Will any organization actually have 27 different security specialists? No, but any security manager would be well-advised to review that list to ensure that all necessary functions are covered by somebody.Wadlow provides helpful ideas on creating an effective security policy-even when management hasn't bought into the idea yet, and has sound advice on both hiring and firing staff. Read the chapters "Preparing for an Attack" and "Handling an Attack" before its too late. Chapters on auditing, log file analysis, and forensics all provide concrete guidance on these difficult processes.The book is filled with helpful analogies that are useful in developing an understanding of the nature of network security. One of the biggest difficulties in training people to become effective in the security arena is in developing the mindset-an innate understanding of information security dynamics. You need a grasp of the big picture to have that intuitive realization that without a constant proactive security effort, you are actually moving backwards. It is a process and Wadlow presents it in a clear and compelling fashion.If you want to think securely-if information security is part of your current or future responsibilities and you'd like a more mature concept of what that entails, then you will find this book invaluable.