Mission-Critical Security Planner: Creating Customized Strategies
Eric Greenberg
Wiley, Paperback, Published January 2003, 416 pages, ISBN 0471211656
List Price: $40.00 Our Price: $24.50 You Save: $15.50 (39% Off)
Availability: Out-Of-Stock
All the worksheets and templates you need to create a complete customized security
plan that works for your business
Let's face it: Security is a business problem, not just a technical challenge.
Whether hackers simply want to test their skills or steal your data, they can, and
will, do incalculable damage to your company. You need a solid plan. The
good news is that Eric Greenberg has done most of the planning work for you.
This isn't just an "I told you so" book. You get hands-on involvement
from the start. You'll see your own customized security plan template begin
to take shape as you complete the accompanying worksheets. Choose any one of
the security plans outlined in this book, and you will be able to protect your
data and deter hackers. And by implementing the proven strategies Greenberg
details, you can secure your company's competitive edge for the long term.
Backed up by solid business planning methods collected from years of experience,
Greenberg:
- Steps you through a complete customized security improvement plan
- Provides worksheets at every stage that you can use to create a comprehensive
and meaningful security plan
- Introduces practical risk management techniques to intelligently assess
and manage the network security risks and costs facing your organization
The book's companion Web site contains the security planning template
and all the worksheets in downloadable Microsoft Word format as well as additional
resources to ensure that you have exactly what you need to protect your company.
Customer Reviews: 2

Mar 10, 2003
Comprehensive & Practical Security Planner
Greenberg advocates an actionable, meaningful security approach that doesn't get hung up on methodology or reliance on abstract standards, like DoD and other common standards. The book skewers bureaucracies that believe planning and methodology is an end in itself, yet recognizes key business realities facing security advocates and suggests practical approaches to "selling security" within an organization -- an important topic given tight or shrinking budgets.
Greenberg is clearly a security guy and writes with experience and authority -- at times the style is conversational and humorous and at others professorial -- it is a good read for a security-focused text. While providing a strong overview of sound security planning and risk management concepts, MCSP also digs down and provides details where it counts regarding filters, proxies, IDS/VA, configuration management, content management (ActiveX, etc), and so forth yet consistently presents this low-level detail within the framework of an actionable security planning methodology that will be relevant five or even ten years from now. MCSP is anything but a security cookbook of technology discussions gleaned from public sources, although many basic concepts and topics are explained in the book's comprehensive glossary. Instead, the book presents the strengths and weaknesses of various technologies and approaches as they relate to the security improvement process.
MCSP utilizes a sequence of sophisticated worksheets to guide the reader through the security planning process and create a dynamic, actionable security plan -- not a plan that lives on the shelf. Using Greenberg's approach there are three components to the Security Plan: Security Stack (physical, network, application, OS), Life-Cycle Stack (technology selection, implementation, operations, incident response), and Business (information, infrastructure, people). Interestingly, you may have noticed that the Security Stack is similar to the OSI model -- this is typical of the rational and logical approach throughout the book. Using the worksheet approach as a guide, the Security Plan is mapped to 28 pre-defined security elements addressing the core security planning challenges of a distributed computing environment. Based on the worksheets, the impact analysis method approach provides a readily understandable plan that reflects the specific business, technical, and lifecycle tradeoffs in your organization.
Greenberg keeps it interesting with many anecdotes illustrating key points and thought-provoking arguments. For example, he advocates an approach that will hold vendors accountable for poor security by providing a quantifiable method for business software users to track security. The final chapter covers strategic security planning with PKI and provides a roadmap for selling an organization on the benefits of PKI when appropriate.
MCSP is an innovative and useful security book. The book provides security staffers and planners with the logical framework and tools they need to create a comprehensive, living, and actionable security plan enabling the organization to shift from a reactive security posture to a more pro-active approach. Highly recommended.

Feb 7, 2003
Rich from Montgomery Village, Maryland
Putting Your Best Plan Forward
Eric Greenberg has put together an excellent book, at last someone has thought about planning security, instead of hacking security precautions on as an afterthought. Mr. Greenberg has obviously dived into his depth of experiences and amalgamated them into a coherent way to build a security strategy.
Where the book really shines and that experience comes through is in realizing that security is not just about putting a lock on a door. It is about putting the procedures, hardware, software, people and most importantly the mindset into an organization in a cohesive way so that nothing is overlooked and the checks and balances are in place to validate every part of these measures. The author also understands the vital importance that security is all cost and benefit.
By taking the overhead view and delving into the cracks in the armor organizations seldom think about, the book provides the templates for building that elusive security plan. These templates (worth the price of admission alone) are used in a step-by-step approach to replacing the haphazard security with a coherent, manageable, administrable, and most importantly, a downright implemental plan. And the book doesn't just stop at getting the plan in place; it goes into the extremely vital and usually overlooked, "What happens next?" and builds the strategy for response, recovery, testing, support, procurement, integration, staging and training.
This is a must-read for information security professionals and infrastructure planners.