I was tasked with building an online course in Cyber security for a major online university, and was assigned the book, "Cyber Security and Global Information Assurance," edited by K.J. Knapp, as the primary textbook for the course.
Knowing that most online students would be in the "continuing education" category, I was hoping that this book would assist those who have some real-world experience into more advanced topics. Unfortunately, the book is highly theoretical and written by academics for academics.
Take chapter 1, for example. In the research of Black Markets for cyber vulnerabilities, the authors selected twelve (12) sites for their study, and based their conclusions on findings from those 12 sites. Never mind that there are literally thousands of hacker, black-market, and torrent sites out there making personal information, exploits and malware available. Because of this tiny data sample, the authors then "hypothesized" and "assumed" their facts and conclusions.
If I were trying to impress a university professor with my scholarship, I would certainly want to include formulae, charts, graphs, and use $100 words, making my thesis appear PhD-ish. This book accomplishes that goal. As an IT systems administrator, however, understanding the sources and theories of cyber exploits is great, but having the actual solutions is better. This book is great on the former, and weak on the latter. "Identify attack paths and block them," is great high-level advice, but there is no "how" or "with what" advice anywhere in that chapter.
It was also clearly evident that many of the contributing authors are not native English speakers, and Mr. Knapp allowed their improper sentence structures and poor grammar to pass through to the final product. Chapter 2, for example, takes the form of a "student's notes" approach to writing. Here's just one out of hundreds of examples: "Amman et al. (2002) shows how assumption of monotonocity helps to address scalability problem of attack graph." [p. 25] Very little proofreading for punctuation was done, either. I don't think Mr. Knapp wanted to offend any of his authors by actually correcting their English; however, that oversight made the book much harder to read than necessary.
Overall, I found the book informative, but I was less impressed with its actual usefulness for system administrators, and was frustrated by the lack of editing.
Author(s): Kenneth J. Knapp
Series: Advances in Information Security and Privacy
Edition: 1
Publisher: Information Science Reference
Year: 2009
Language: English
Pages: 459
Title
Table of Contents
Detailed Table of Contents
Foreword
Preface
Acknowledgment
Dynamic Modeling of the Cyber Security Threat Problem: The Black Market for Vulnerabilities
An Attack Graph Based Approach for Threat Identification of an Enterprise Network
Insider Threat Prevention, Detection and Mitigation
An Autocorrelation Methodology for the Assessment of Security Assurance
Security Implications for Management from the Onset of Information Terrorism
The Adoption of Information Security Management Standards: A Literature Review
Data Smog, Techno Creep and the Hobbling of the Cognitive Dimension
Balancing the Public Policy Drivers in the Tension between Privacy and Security
Human Factors in Security: The Role of Information Security Professionals within Organizations
Diagnosing Misfits, Inducing Requirements, and Delineating Transformations within Computer Network Operations Organizations
An Approach to Managing Identity Fraud
A Repeatable Collaboration Process for Incident Response Planning
Pandemic Influenza, Worker Absenteeism and Impacts on Critical Infrastructures: Freight Transportation as an Illustration
Information Sharing: A Study of Information Attributes and their Relative Significance During Catastrophic Events
An Overview of the Community Cyber Security Maturity Model
Server Hardening Model Development: A Methodology-Based Approach to Increased System Security
Trusted Computing: Evolution and Direction
Introduction, Classification and Implementation of Honeypots
Compilation of References
About the Contributors
Index