Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education)
This Paperback Book item from McGraw-Hill Osborne Media was reviewed on 2-Aug-2008.
ISBN: 0072262826. Reference book, edition 2.
1) Paperback Book Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education) by McGraw-Hill Osborne Media. I think we know that there are constant threats to our computer systems. Confidential information can be grabbed from us, and computer viruses can slow down or stop processing, as well as introduce plenty of unwanted material.
As Ben Rothke explains, that means that we need to use great caution in downloading (or even "upgrading") software, especially on company computers. When asked for personal information on the internet, we need to be very wary indeed. And, of course, we need to avoid giving others (even co-workers) our personal access to restricted sites.
Passwords can be tricky. I have successfully guessed a couple of passwords used by others, so my advice is to avoid using your own name (or even an anagram of it) or the names of your children or pets! Yes, I know that it is not easy to remember a large number of passwords, and that sudden requests of the form "Your password has expired, please enter a new password at once!" generally result in some of the most absurd choices of passwords. But you still ought to look at phrases and then choose the first letters of them or just use multiple short words, including a couple of numerals and a punctuation mark. These can actually be remembered, and if you have trouble, you can write down reminders that do not include the actual password.
By the way, you may want to be really careful when you log into any system. Some systems keep track of your login name and this record may be accessible by all sorts of people. If you accidentally type in your password instead of your login name, you really ought to change that password.
This book covers threats from worms and viruses, as well as a variety of e-mail hoaxes. It does discuss firewalls. And it reminds us that pocket PCs are computers too, and that their use can entail the same sort of risks as using a larger computer.
As this book explains, if you leave your computer unattended, others may simply take advantage of this to gain access to all sorts of confidential material. To top it off, they may even swipe your computer, especially if it is a laptop or PDA and not physically secured.
One can read this book in a short time, and I think doing so is a good idea for those of us who use computers, especially at work.
2) Exec summary: This neat little booklet summarizing computer security for ordinary employees could usefully support a structured security awareness program, but do not rely on it alone.
Here are the '20 things every employee should know':
1. Phishing and spyware - don't click links requesting personal info or download programs from unfamiliar companies, and set browser security
2. Identity theft - be careful over phone and web, monitor finances
3. Responsibility - guard your 'access credentials' and follow policies
4. Passwords - choose wisely, don't write them down and don't share them
5. Malware - be aware of the threat, update anti-virus and anti-spyware, be careful with email attachments
6. Telecommuting/home working and remote access - use a personal firewall, encryption and physical security
7. Email - be cautious with attachments, update your antivirus software
8. Email hoaxes - spot them, check them and don't forward them
9. Web surfing - minimize personal use, avoid cookies and software downloads
10. Internet use - don't visit chat rooms at work, take care with IM
11. Instant Messaging - don't release secrets or illicit material, update IM software
12. Firewalls and patches - use a personal firewall, patch the system and update antivirus
13. PDAs - physically secure them, use passwords and encryption, and disable wireless autoconnection
14. Backups - schedule backups and store them securely
15. Classified data - respect classifications, log off or lock up the PC when not in use
16. Office IT security - apply the clear desk policy, physically protect PDAs/USB devices etc. and securely delete or shred sensitive information before disposal
17. Social engineering - be alert, don't disclose sensitive information without verifying the requester
18. Appropriate use of corporate IT equipment - limit personal use
19. Seek help - call the incident response team if a security incident occurs
20. Keep things in context - be alert, understand the risks and act intelligently
This is a good breadth of topics to cover, broadly resembling the security awareness topics we cover in NoticeBored Classic. There is some duplication and a few apparent gaps (see below) but overall, it's a good mix.
Each topic is covered in a double-page spread with about 400 words. That's actually quite a lot for an awareness booklet, meaning that some employees may need 'gentle persuasion' to read it. Some case-study type real world examples and news stories might have spiced it up a bit.
Despite being promoted for use by non-technical employees, the language sometimes slips briefly into jargon (e.g. "Never share your information security credentials, whatever the circumstances" on page 5). The booklet ends with a reasonable 5-page information security glossary in which some of the explanations could have been further simplified, de-jargonized and put into plain English (e.g. "Security incident - Act that deviates from the requirements of security policy"). On the whole, though, the booklet should be reasonably accessible to the average computer-using reader.
In my opinion, the following are relatively weak:
- Security of USB devices and wireless networks should be covered in more depth - these are increasing threats that, to some extent, post-date the book;
- The backup section could usefully mention contingency planning;
- It would be good to advise employees not to mess with the security configuration settings of their desktop systems, perhaps in the context of change and configuration management;
- Compliance with legal and regulatory obligations might be mentioned in the same context as corporate policy compliance;
- There is nothing on software development or risk assessment: end users who develop spreadsheets and other desktop applications should be aware of the need to make them secure;
- It's a shame there is no quick summary (such as the list shown above). Perhaps the next edition might include a pull-out-and-keep reminder postcard?
- There are no obvious reference sources for those readers who might be interested enough to want more information.
[Ben tells me he's added these ideas to the to-do list for the 3rd edition :-)]
At just $8 per copy, it should be economic to purchase a pile of these to distribute around the company, hand out when people sign their acceptance of the corporate security policy and add to the goody-pack presented to new employees during the first day employee orientation/induction course. You *do* have a security slot in your induction course, don't you?
3) Great book.
Short, to the point, and very readable for every user.
It is a bargain at the price.
Have all your users read this if you want a good security awareness program.
4) Having served as the person in our firm with the most paranoia about computer security, I have been constantly struck by how careless people can be in this area. It's as though computer security can be assumed to be in place . . . rather than being something that needs to be encouraged, nurtured and observed.
While I often read technical manuals on computer security to catch up with the latest, none of those manuals could hope to attract a full reading by anyone who has ever worked for me.
I was delighted to find that the Second Edition of Computer Security: 20 Things Every Employee Should Know has everything in it that I hope all my employees will remember to do.
The book is brief, it's accurate and it's easy to understand.
If you follow Mr. Rothke's advice, most major problems will be avoided.
The book opens by explaining about phishing and spyware by explaining what they are and why an employee should want to avoid them. Here's the advice:
1. Don't reply or click on links asking for personal or financial information.
2. Don't download programs from companies you don't know.
3. Keep your computer secure with pop-up blockers, a firewall, and anti-virus and anti-spyware software.
I particularly liked the non-technical advice such as the one on avoiding identity theft.
The book also has little case studies of what can go wrong. One of my favorites was an employee who wanted to go home and let a new employee use his security access card so she could keep working.
Where there is a technical element, Mr. Rothke keeps that simple. For instance, protection by having a password that contains both numerals and letters is explained in terms of the new programs that can be used to check standard English words and names in a few minutes.
There are also useful hints that are unrelated to being an employee such as being aware that your company may be tracking your usage. Do you really want people to know all about your personal habits? If not, don't pursue them at work or on a company device.
For more complicated situations, Mr. Rothke explains when to go for help from the company's IT security team. Many people don't realize they can make things worse by trying to fix problems themselves.
Nice going, Mr. Rothke!
5) Network security is only as strong as its weakest link. Having top of the line firewalls, intrusion detection, antivirus and other security tools deployed will do little good if a user unwittingly gives his username and password to a malicious attacker. The sad fact is that the users, the employees who use the network, are the weak link in the security chain.
The other issue is that many employees don't truly care about company assets, or at least not enough to embark on a journey to learn about how to better secure them. But, most people have computers at home that they use personally and have kids that use them. That means that they have a vested interest in learning computer and network security, even if it isn't because they want to safeguard the company network.
Rothke's book provides brief, but clear, explanations of 20 of the most important things that users should know in order to use their computer, e-mail, and the Internet without becoming a victim. Some of the information, such as Use Firewalls and Patches, is really outside the scope of what an employee should know. But, they can apply the information at home and it provides a better understanding of why they need those things at work as well.
6) It’s five o’clock, do you know where your confidential office document is? The truth is that many employees may not. This convenient handbook brings your workplace up to speed with 21st century security issues from computer passwords to hard copy document disposal. Covers technical issues and social engineering scenarios that put corporate security and data at risk.
Page Updated: Robert N. Goolsby, 30-Aug-2008