From: secedu@all.net
Reply-to: secedu@all.net
Organization: Information Security Educators Mailing List
Subject: Information Security Educators Mailing List 1999-06-15
<pre>---------------------------------------------
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
Date: Tue, 15 Jun 1999 08:39:25 -0800
Subject: REVIEW: "Corporate Espionage", Ira Winkler

BKCRPESP.RVW   990424

"Corporate Espionage", Ira Winkler, 1997, 0-7615-0840-6,
U$26.00/C$34.95
%A   Ira Winkler
%C   3875 Atherton Road, Rocklin, CA   95765-3716
%D   1997
%G   0-7615-0840-6
%I   Prima Publishing
%O   U$26.00/C$34.95 800-632-8676 916-632-4400 fax: 916-632-1232
%P   365 p.
%T   "Corporate Espionage"

This readable and realistic guide to becoming professionally paranoid
has a special emphasis on data security and high-tech companies, but
can be very useful to pretty much anyone.

Part one looks at espionage concepts.  Chapter one, and the
introduction that precedes it, points out that information is one of
the primary sources of value in any business.  Chapters two through
five look at the basic ideas for any examination of data security,
those of risk, value, threat, and vulnerability.  Presented in terms,
and with examples, that anyone can understand, they nevertheless form
the foundation for examining security and protection for computer and
communications systems as well as the sales "red book" for next
quarter.

Part two presents a variety of case studies.  Winkler concentrates on
the non-technical, relatively simple, and devastatingly effective
"social engineering" aspect of break-ins.  Chapter six is a
compilation of tactics used in various penetration tests.  One
particular test is outlined in chapter seven.  Chapters eight to
eleven detail actual espionage cases carried out by foreign companies. 
A different penetration test is presented in chapter twelve.  A
third-party account of a "crack" is discussed in chapter thirteen.

Part three outlines what you can do to protect yourself.  Chapter
fourteen describes a significant list of countermeasures to take,
starting with an effective education program.  Finally, chapter
fifteen presents a large-scale program for overall security.

This book is very down to earth, and very real.  Unlike any number of
"hacker" books, it doesn't attempt to impress the reader with displays
of arcane knowledge: it doesn't have to.  Technical details are almost
non-existent, making the text an excellent choice for use in educating
any level or type of employee on the need for security.

copyright Robert M. Slade, 1999   BKCRPESP.RVW   990424

======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca  rslade@sprint.ca  slade@victoria.tc.ca p1@canada.com
There are two kinds of people: those who finish what they start
       and so on ...                              - Robert Byrne
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
---------------------------------------------
