The Myths of Security: What the Computer Security Industry Doesn't Want You to Know Review

Posted by Richard Wyant on 5/22/2013 / Labels: , , , , , , , , ,
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know
Average Reviews:

(More customer reviews)Are you looking to buy The Myths of Security: What the Computer Security Industry Doesn't Want You to Know? Here is the right place to find the great deals. we can offer discounts of up to 90% on The Myths of Security: What the Computer Security Industry Doesn't Want You to Know. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

The Myths of Security: What the Computer Security Industry Doesn't Want You to Know ReviewLet me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. However, I must not be the target audience for this book, and I can't imagine who really would be. The book mainly addresses consumer concerns and largely avoids the enterprise. However, if most consumers think "antivirus" when they think "security," why would they bother reading The Myths of Security (TMOS)?
TMOS is strongest when Viega talks about the antivirus (or antimalware, or endpoint protection, or whatever host-centric security mechanism you choose) industry. I didn't find anything to be particularly "myth-shattering," however. I have to agree with two of the previous reviewers. Many of the "chapters" in this book could be blog posts. The longer chapters could be longer blog posts. The lack of a unifying theme really puts TMOS at a disadvantage compared to well-crafted books. I was not a huge fan of The New School of Information Security or Geekonomics (both 4 stars), but those two titles are better than TMOS.
If you want to read books that will really help you think properly about digital security, the two must-reads are still Secrets and Lies by Bruce Schneier and Security Engineering, 2nd Ed by Ross Anderson. I would avoid Bruce's sequel, Beyond Fear -- it's ok, but he muddles a few concepts. (Heresy, I know!) I haven't read Schneier on Security, but I imagine it is good given the overall quality of his blog postings.
If you want to shatter some serious myths, spend time writing a book on the "80% myth," which is stated in a variety of ways by anyone who is trying to demonstrate that insider threats are the worst problem facing digital security. If you're going to pretend to debunk open source security, why not back it up with some numbers? Studies have been published recently, and original research and results would be welcome. How about demonstrating that user awareness training wastes money, because enough marks fall prey anyway? I'd also like to see research showing that frequent password changes are worse for security, not better. Wrap all of that in a coherent manner with substantial chapters and you have a real TMOS book.The Myths of Security: What the Computer Security Industry Doesn't Want You to Know Overview

Want to learn more information about The Myths of Security: What the Computer Security Industry Doesn't Want You to Know?

>> Click Here to See All Customer Reviews & Ratings Now

0 comments:

Post a Comment