Yezee Book Club
 

The Art of Deception: Controlling the Human Element of Security


Author - Kevin D. Mitnick
Author - William L. Simon
Steve Wozniak

This Paperback Book item from Wiley was reviewed on 13-Jun-2008.

ISBN: 076454280X. The Art of Deception: Controlling the Human Element of Security Reference Book. Classifications: MIS; Industries & Professions; Business & Investing; Subjects; Books; E-commerce; Internet Marketing; Online Banking; Online Trading; Culture.

Related topics: MIS. Subjects. Books. E-commerce. Internet Marketing. Online Banking. Online Trading. Subjects. Books. Culture.

salesrank: 8076
edition: 1

1) Paperback Book The Art of Deception: Controlling the Human Element of Security by Wiley. Adequate for noobs and pros to understand how important social engineering is in our security. This applies not only to software; you can relate it to anything in your life.
Highly recommended

2) Paperback Book The Art of Deception: Controlling the Human Element of Security by Wiley. This is a great, but frightening book. The book explains many, many ways how "social engineers" (what the author calls those who manipulate strangers) can take advantage of people. These stories are clearly and convincingly illustrated by examples. Unfortunately, when one realizes all the people who have access to their private information and that it only takes one to fall for the kind of tricks mentioned here, it is clear that safety is all but impossible. That said, this can serve as a wake up call to fix what we can, especially in our own workplaces. My one complaint with the book is that the sample security policies in the last chapter were not available electronically.

3) Paperback Book The Art of Deception: Controlling the Human Element of Security by Wiley. This is a great starting point for anybody interested in deceit. While the book focuses on "real-world" deceit, many of the principles carry over to online crime. It is very easy to read, and yet, informative and helpful. If you want to find an answer to the question "Just how much will people agree to?" then this is the book for you to read -- whether you are a system administrator, security researcher, policy maker, or simply interested in understanding fraud and psychology better.

Markus Jakobsson

4) Paperback Book The Art of Deception: Controlling the Human Element of Security by Wiley. This book is filled with information that you would not believe. I never read books ever, but this is one of the few exceptions. It is truly amazing!

5) Paperback Book The Art of Deception: Controlling the Human Element of Security by Wiley. Kevin Mitnick, probably the most famous (and controversial) computer hacker of the 1990's, has spent several years of his life on the run, as well as a few years in jail. For years after leaving prison he was forbidden to log on to a computer, a prohibition he appealed successfully. He now runs a computer security business, lectures to large corporations, and has co-authored two books on computer network security.

This book focuses on the human element of computer security. Reminding us that even the most sophisticated high-tech security systems can be rendered worthless if the people running them are not sufficiently vigilant, Mitnick goes on to point out the myriad ways in which human carelessness can contribute to security breaches. An experienced con artist who is well-versed in social engineering techniques can often do far more damage by manipulating people to provide information they shouldn't than by relying on technologically sophisticated hacking methods.

The book is interesting for the most part, though it would have benefited from a 25% reduction in length, and there are some annoying stylistic tics. Throughout the first 14 chapters, each of which reviews a particular type of 'con' used by hackers/social engineers to breach computer security, the chapter setup follows the same schema:
(i) an anecdote or vignette, involving fictitious characters but based on actual events, which lays out the deception as it unfolds, following it through to the successful breach
(ii) analysis of the 'con', focusing specifically on the mistakes or behaviors (at the individual and at the organizational level) which allowed it to succeed
(iii) discussion of the changes that would be needed to stop the con from succeeding (e.g. behavior of individual employees, corporate policies and procedures, computer software and hardware).
This is actually a pretty decent way to make the points Mitnick wants to get across - starting out with a concrete example of how things go wrong gets attention and motivates the reader to read on to figure out the solution.

One feature of the book which was meant to be helpful started to annoy me by about the third chapter. Interspersed throughout each chapter, the authors insert highlighted textboxes of two types: 'lingo' - repeating the definition of a concept already adequately defined in the text, or 'mitnick messages' - which seemed superfluous, and a little condescending, as they generally repeated what was already obvious. In general, this is not a book you will read for the delights of its prose style (after successfully gaining access to a cache of hidden documents, one hacker is described as spending his evening gleefully "pouring over" the documents); however, the prose is serviceable, managing to avoid lapses into the dreaded corpspeak, for the most part.

For some readers, the most useful part of the book may be its final two chapters. Here the authors lay out, in considerable detail, outlines for recommended corporate information security policies, and an associated training program on information security awareness. Though I am no expert in these areas, the outlines strike me as being commendably thorough - complete enough that they could be fleshed out without too much difficulty to generate a comprehensive set of policies and procedures.

Despite some redundancy, and occasional infelicities of style, this book seemed to me to be interesting, and likely to be practically useful.

6) Paperback Book The Art of Deception: Controlling the Human Element of Security by Wiley. The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

7) Paperback Book The Art of Deception: Controlling the Human Element of Security by Wiley. The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios.

After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared.

Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers.

Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk

Page Updated: Robert N. Goolsby, 11-Jul-2008, 076454280X723812622115, 070-030-610-0X0-871-411-8


The Art of Deception: Controlling the Human Element of Security, Book, Image © Wiley





