Experiment in Blogging.

  
About

"I have only made here a collection of other people's flowers having provided nothing of my own but the cord to bind them together." -- Montaigne, Essays, Book 3, Chapter 12.

Archive

My links

American Civil Liberties Union

Utne Reader

Whole Earth 'Lectronic Link: The Well

RSS Newsfeed for this blog

 

New Window Option

links open windows.

 

This page is powered by Blogger. Isn't yours?

Friday, October 18, 2002

 

New book: Kevin Mitnick on the Human Element of Security.

Amazon.com Books: buying info: "The Art of Deception: Controlling the Human Element of Security"
by Kevin D. Mitnick & William L. Simon. Published: October 2002.

http://www.amazon.com/exec/obidos/ASIN/0471237124/

Apparently, the principal qualification of this book's principal author is that he's spent years in federal prison for computer security crimes. ;-)

"The most important point is that computer and information security is not and can never be a one size fits all solution" says Mitnick. "One cannot buy an expensive box and assume all problems are solved.[My emphasis. -hb] It all comes down to worker training and constant, diligent efforts on the part of all workers in a company to achieve a reasonable level of information security." -- Kevin D. Mitnick.

The Barnes & Noble Review says:

"Mitnick presents the best discussion of "social engineering" we’ve ever seen: the art of understanding how to trick people into voluntarily handing over the information needed to break into computer systems."

-- http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?isbn=0471237124

Table of Contents

Foreword.
Preface.
Introduction.

Part 1: Behind the Scenes.
Chapter 1: Security's Weakest Link.
Part 2: The Art of the Attacker.
Chapter 2: When Innocuous Information Isn't.
Chapter 3: The Direct Attack: Just Asking for It.
Chapter 4: Building Trust.
Chapter 5: "Let Me Help You".
Chapter 6: "Can You Help Me?".
Chapter 7: Phony Sites and Dangerous Attachments.
Chapter 8: Using Sympathy, Guilt, and Intimidation.
Chapter 9: The Reverse Sting.

Part 3: Intruder Alert.
Chapter 10: Entering the Premises.
Chapter 11: Combining Technology and Social Engineering.
Chapter 12: Attacks on the Entry-Level Employee.
Chapter 13: Clever Cons.
Chapter 14: Industrial Espionage.

Part 4: Raising the Bar.
Chapter 15: Information Security Awareness and Training.
Chapter 16: Recommended Corporate Information Security Policies.

Security at a Glance.
Sources.
Acknowledgments.
Index.

Herb 5:26 PM