Book Reviews: Information Security Books and Product Reviews – Network Security Auditing

Network Security Auditing

Book Title: Network Security Auditing

Author: Chris Jackson

Publisher: Cisco Press

Date of Publishing: June 2010

ISBN(13): 9781587053528

Price: £50.00GBP    $70USD

URL of Publisher Site: Cisco Press

URL of Amazon UK web page: Network Security Auditing (Cisco Press Networking Technology)

URL of Amazon US web page: www.amazon.com

This book (whilst being very informative and well written) clearly has a bias towards the US market and this factor is likely to frustrate those readers from elsewhere in the world.  Chapter 2, entitled ‘Information Security and the Law’, is a good example of this bias, focusing almost exclusively on US legislation and whilst the legislative security standards adopted in the US are similar to those in other countries, there are still significant differences that this book does not cover.In addition, there is an assumption (for much of the technical content) that readers are using (or are going to be using), Cisco hardware/software to the exclusion of all other products. Whilst accepting that Cisco products are popular (and this is written by Cisco Press), by focusing almost entirely on this range of networking products (to the exclusion of all other manufacturers) it has the potential to limit the readership further. This would be a shame as this book provides a very good reference for IT networking professionals.Putting these two areas aside, this book is well written, informative and reasonably comprehensive, covering a wide area of subjects in a logical, straightforward manner.The use of both commercial and open source tools to assist in auditing and validating security policy assumptions is covered well. There is also sufficient information provided to assist the reader help create, define and construct relevant policies in support of the technical information provided within.From a standards perspective, the book provides an overview of the main security standards, such as COBIT, ITIL, and ISO 17799/27001, and gives an outline of how to utilise each of these security standards when using or employing Cisco products. Network Security Auditing also provides a number of useful auditing checklists for various domains and provides examples (and outlines a number of differing solutions) to enhance an organisation’s security profile. It covers key areas of network security likely to be of relevance to those working in information security and provides a good grounding of basic (and more advanced) networking tools and techniques. These will be of great value in helping you secure critical data and protect network resources along with the guidance on how to help prevent and/or mitigate network attacks and other malicious activities. Diagrams, checklists and screenshots are used to good effect throughout the book and these assist when digesting the technical information, which at times is very detailed indeed.

The overriding consistent theme throughout this book is that of auditing (be this technical or policy based). The author is at pains (and quite rightly in my view) to reinforce the message that just having policies, procedures and network operational security in place is insufficient unless these are complimented by a comprehensive, proactive auditing regime.

Despite the very obvious Cisco slant, Network Security Auditing provides a detailed, technical, auditing reference with respect to Information Security. It provides the reader with detailed diagrams and screenshots in support of the technical information along with comprehensive checklists.

Marks: 4 out of 5

****

You don`t have permission to comment here!