OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tim Lawless (lawlessnetdoor.com)
Date: Sun May 20 2001 - 15:46:25 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    The bible looks quite good,

    However, the depth of technical detail covered in the materials
    exceeds that that one should expect to find on the CSSIP exams.
    Remember, 50 miles wide, 2 inches deep.

    With that in mind, I will add a couple suggestions to the materials list:

      -- Security in Computing, by Pfleeger.

         A good cover in basic theory of computer security. A little weak
         on PKI (no mention really) but a sound introduction to encryption.

         Some material may seem old from this book, but remember although
         new materials get added to the exams, old material remains.

      -- Intrusion Detection, by Rebecca Gurley Bace

         This is one of the few book I have run across where intrusion
         detection and network-based intrusion detection are not treated
         as one in the same.

         This gives one an excelent understanding of what intrusion detection
         realy is, paying attention to the often-overlooked host-based arena.

      -- Investigating Computer-Related Crime

         An intresting read. It is obvious it was not ment for the
         technical reader, however it does give the technical reader
         insight into the legal and law-enforcement arena of how
         cyber-forensics is conducted.

      -- Information Warfare, Principles and Operation, by Edward Waltz

         Although Denning's "Information Warfare and Security" is jucy,
         Waltz takes the reader through the theory of information warfare.
         The principles that he presents are not limited to the
         computer area, but germane to any information security officer.

         After reading this one the reader should have a better
         (almost zen-like) understanding of the big-picture of IW, and
         how Critical Infrastructure Protection (CIP) fits into the
         information security picture.

    As an asside, and for a short read (4-5 hours) I would also recommend:

      -- Cyberspace and the Use of Force

         An analysis of the legal issues involved in information warfare.
         This is intresting if you deal with industries that cross national
         borders, or the goverments/military themselves.

         The author explains international war-time, peace-time, and laws of
         aggression and puts them into the context of information-systems
         based warfare.

         This analysis is particularly intresting, when applied to recent
         actions by the FBI in the penetration of computers possessed by
         'hackers' in russia to acquire evidence. But, If I say more
         that would be telling, now wouldn't it?

    TTFN,

    --Tim