OSEC

From: Sean Rooney (sean@coldstream.ca)
Date: Tue Dec 11 2001 - 09:40:18 CST


    suggested light reading:

    Secrets and Lies; Bruce Schneier;

    this is the best general introduction to information security [of
    which computer security is a subset] meant for non-technical types. I
    tend to hand copies to CEO/CFO/CIO types, this frequently has the side
    effect of increased security budgets.

    Security Engineering; A guide to building dependable distributed systems;
    Ross Anderson [UK]

    This is a more nuts and bolts of design/architecture book for building
    systems that are hardened "out of the box". I tend to hand it to
    developers and CIOs.

    These two books are mandatory reading in my corner of the universe. May I
    also suggest that the Cluetrain Manifesto is useful reading if you
    happen to run your own company, etc. [marketing for people who hate marketing]

    Other light reading includes the topics of forensic audit, subject psych
    profiling and analysis, tactics and strategy [The Book of Five Rings by
    Musashi is excellent for this].

    My suggestion is that to be good in security, one should have as broad a
    knowledge base as possible in as many different environments as possible
    [Novell, Banyan, IOS, firewalls, MS stuff, etc.], as a problem's solution from
    one environment can frequently be helpful in resolving issues in a
    different environment. The core concepts are all basically the same; the
    specific keystrokes are different, but frequently not very different.

    Study and learn from history: there are no problems in the computer world
    that haven't already been analogously solved in the "real world". The point
    is to identify the correlation.

    Oh, and no, I'm not at all surprised by the CISSP people wanting to know
    about "previous underground hacker types", as they probably don't want to
    have anyone associated who might embarrass them or cause other problems by
    potentially misbehaving.

    Cheers
    -sr [amateurs hack systems, professionals hack people].

    At 07:56 12/11/2001, Andrew Alston wrote:
    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    ><Snip other stuff>
    >By the way, I have planned to buy the following books -
    >
    ><More snipping>
    >
    >Hacking Exposed
    >Hacking Linux Exposed
    >
    >Just one comment here: on the CISSP form, when you apply to write, they
    >ask you if you have had any previous dealings in the
    >hacking/underground world... if you have, you have to write a fairly
    >lengthy, in-depth motivation as to your reasons before they let you
    >write, and they WILL be sticky about it, so if you have been trying
    >in that arena as an area of learning, either stop in a hurry or be
    >prepared for that.
    >
    >It took them over a month to approve me writing, even with a long
    >letter of explanation, because of my previous background, which I had
    >given up years before, so heed this warning :)
    >
    >Andrew

    =====================================================================

    Sean Rooney;
    CEO/CTO
    ColdStream Associates Ltd. http://www.coldstream.ca
    551A Bloor Street West, Suite 3
    Toronto, ON Canada
    Phone: (416)516-8998
    Fax: (416)516-9737

    "We think the unthinkable, speak the unspeakable and do the impossible...
    ...so you don't have to".
             -anon.

    ======================================================================