This was going to be one of four type’s of book: lots of technical detail and code fragments for programmers or sensational stories of the type found in the popular press. It could have dived off deep in to maths of algorithms and ciphers. Fortunately, it is the fourth type a sane sensible look at network security for managers.
I know it says Internet security but these days the Internet is just an extension of a normal office network. At one time viruses were spread on floppy disks now the vast majority get on to the pc either directly from the internet or across the office network.
The book has no source code, no maths or protocol bits and bytes. What it does have is a non-sensational look at who hackers are, why they do it and what sort of holes there are. Most importantly, it tells you how to go about stopping them. Well actually, it does point out you can’t stop hackers…. So there are constant warnings, the all you can do is minimise the risks and never get complacent. This is strategy and management rather than how to use specific software or systems.
Interestingly this book is going to make you see that antivirus software and firewalls are not infallible. You can’t just fit them and relax contented that you are safe. Then again it is not full of “scare stories” It is balanced, reasoned and at a level that most managers (technical or non-technical) are going to understand the problems and the solutions in general without getting demoralised or thinking it is easy.
Whilst the book has a slight US bias it is not a problem and everything should apply in most countries and hackers are of course international as on the ‘net all geographical places are the same place.
There is the obligatory section on cryptography, public keys etc. and a very useful section on VPN, which is something, many companies now use and many don’t for the exact same reasons!
This is by far the most dispassionate and well-balanced book I have come across in this subject. It handles a subject that is both precise yet very nebulous and riddled with myths in a way that lets you see clearly and assess the risks without panic. I recommend it for all non-technical managers… Actually all managers, I bet half the technically astute managers don’t know the realities of the myths etc.