Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Tim Lawless (lawlessnetdoor.com)
Date: Sun May 20 2001 - 15:46:25 CDT
The bible looks quite good,
However, the depth of technical detail covered in the materials
exceeds that that one should expect to find on the CSSIP exams.
Remember, 50 miles wide, 2 inches deep.
With that in mind, I will add a couple suggestions to the materials list:
-- Security in Computing, by Pfleeger.
A good cover in basic theory of computer security. A little weak
on PKI (no mention really) but a sound introduction to encryption.
Some material may seem old from this book, but remember although
new materials get added to the exams, old material remains.
-- Intrusion Detection, by Rebecca Gurley Bace
This is one of the few book I have run across where intrusion
detection and network-based intrusion detection are not treated
as one in the same.
This gives one an excelent understanding of what intrusion detection
realy is, paying attention to the often-overlooked host-based arena.
-- Investigating Computer-Related Crime
An intresting read. It is obvious it was not ment for the
technical reader, however it does give the technical reader
insight into the legal and law-enforcement arena of how
cyber-forensics is conducted.
-- Information Warfare, Principles and Operation, by Edward Waltz
Although Denning's "Information Warfare and Security" is jucy,
Waltz takes the reader through the theory of information warfare.
The principles that he presents are not limited to the
computer area, but germane to any information security officer.
After reading this one the reader should have a better
(almost zen-like) understanding of the big-picture of IW, and
how Critical Infrastructure Protection (CIP) fits into the
information security picture.
As an asside, and for a short read (4-5 hours) I would also recommend:
-- Cyberspace and the Use of Force
An analysis of the legal issues involved in information warfare.
This is intresting if you deal with industries that cross national
borders, or the goverments/military themselves.
The author explains international war-time, peace-time, and laws of
aggression and puts them into the context of information-systems
This analysis is particularly intresting, when applied to recent
actions by the FBI in the penetration of computers possessed by
'hackers' in russia to acquire evidence. But, If I say more
that would be telling, now wouldn't it?