Agile IT Security Implementation Methodology
Kindle Edition

Jeff Laskowski

List price: EUR 10.29
Publisher's price, print edition: EUR 17.11
Kindle price: EUR 7.20 incl. VAT, free wireless delivery via Amazon Whispernet
You save: EUR 9.91 (58%)

Formats

Format: Kindle Edition, Amazon price EUR 7.20
Format: Paperback, Amazon price EUR 17.11




Product description

Publisher's description

The book is a tutorial that goes from basic to professional level for Agile IT security. It assumes little prior knowledge of agile security, but readers should have a good knowledge of security methods and agile development. The book is targeted at IT security managers, directors, and architects, and is useful for anyone responsible for the deployment of IT security countermeasures. Security people with a strong knowledge of agile software development will find it a good review of agile concepts.

Product details

  • Format: Kindle Edition
  • File size: 561 KB
  • Print edition page count: 120 pages
  • Publisher: Packt Publishing (22 November 2011)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B006BZCW8Q
  • Text-to-speech: Enabled


Customer reviews

There are no customer reviews on Amazon.fr yet.

Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 2.3 out of 5 stars, 3 reviews

2 of 2 people found this review helpful
2.0 out of 5 stars  Good idea. There's room for improvement in the execution...  31 January 2012
By Alexander Tarnowski - Published on Amazon.com
Format: Paperback
This book takes a novel approach towards IT security. After reading it, I got the impression that the author has spent a lot of time in big organizations, like the ones described in the book's eighth chapter, according to which, security is handled by vulnerability assessment teams, system administration teams, network administration teams, intrusion analysis teams, intrusion response teams, and so on.

In such organizations, addressing a seemingly simple problem may be a daunting task due to the administrative overhead and communication paths, so the author came up with the idea that the process could be simplified by applying agile methods. A very good idea!

Unfortunately, the book doesn't deliver on this idea. Maybe I read it having too high expectations, but my overall feeling is that there are too many gaps, too many incomplete or simplified lines of reasoning, and that the book requires a reader that's very familiar with agile methods and knows a thing or two about IT security. Readers familiar with both topics will find some gems, and new ideas, such as the bullpen, but must also overlook some simplifications, far-stretched reasoning, and lack of depth. For example, chapter eleven, titled "Barriers to Agile", is two pages. While nothing in the chapter is incorrect, I'd really like the topic to be expanded a little. There have to be barriers and problems specific to IT security and agile, and they sure deserve more in-depth treatment than two pages.

Readers approaching this book to learn how agile thinking can be applied to IT security will find chapter four the most interesting. Here a bunch of principles and techniques from Extreme Programming, Scrum, and Lean have been fitted to apply to security. For example, it makes sense that security-related work be done in pairs (as in pair programming). It would be nice if security solutions were refactored, although I suspect they seldom are. Small deliverables apply to pretty much everything, and so does decomposition. Now collective membership, I'd really like to learn how that worked out in the author's siloed organization. Spikes and simple design should apply equally well to security solutions. Good so far.

Chapter four also contains some things that were not very familiar to me. For example: "project divergence rate". It's a measure of how many "changes" occur in the project during a given time interval. When requirements stabilize, the project divergence rate goes down. This type of micro-measurement doesn't ring very agile to me, but if it works for somebody then it works. "Project velocity rate" is discussed next, and is defined as the total number of hours needed to complete something divided by the estimate.

Personally, I'd measure the velocity in story points and use the focus factor to get the kind of information that the project velocity rate provides. However, there are many ways of estimating and following up work.

Then there is "agile processes need Scrum Masters to help keep projects moving". No. Scrum needs Scrum Masters, and the chapter is about Scrum, XP, and Lean under the collective name of "Agile". A similar argument could be applied to the way standup meetings and planning poker are described.

The problem with this chapter is that it mixes some small techniques, like planning poker, with bigger concepts like minimizing waste, in a seemingly unstructured manner. I think it would be better if the author first gave a brief description of the underlying methodologies, then described the principle/technique as applied in the methodology, then its adaption to security, and finally some examples, success stories or personal reflections. Without the latter, the reader doesn't really know how the adaption works in practice. Has the author used the technique once, a hundred times, or does he just think that it seems to be a good idea?

Chapter seven seems to be more ambitious about talking about a methodology - Lean, but again, war stories, lessons learned, and details specific to applying Lean to security are missing.

Chapter five, I believe, is one of the better chapters. Here we learn about a visualization technique called the "bullpen". It's a way of modeling data sources, infrastructure and risk sources in a simple and visual manner. The concept is expanded upon in the following chapter. Then there's a short intro to DREAD modeling.

The book also contains material that's strictly about security. Chapters one, two, and nine comprise an introduction, talk about threats in general, and about security awareness. I think that some of the material therein isn't quite up to date, and I reacted to some phrases like: "Social engineering is the latest trend in hacking". What bothered me the most, though, was that there was no Chekhov's gun. If a chapter is spent describing new security threats, then it would be really cool to see how agile security is used to address those threats towards the end of the book.

In conclusion, I think the book is on to something. The underlying ideas are good, and intellectual effort has been put into finding agile techniques that should transfer nicely to security. What I expect as a reader is more structure, more background, and a natural blending of the chapters on security and agile. And above all, the author's experience of applying these techniques!

1 of 1 people found this review helpful
2.0 out of 5 stars  A few good bits, LOTS of mistakes  10 April 2012
By Dr Anton Chuvakin - Published on Amazon.com
Format: Paperback
I started reading the book with much excitement about the agile approach to security, but soon was stuck in an error-ridden mess of an extra long blog post.

Things like "PCI has more regulations for organizations that do more credit card transactions than smaller organizations" abound: both poorly worded and often not true. Other bits ("The new threat that Web 2.0 denotes to the organization" and "What Cyberware is and its effect on the IT security landscape") are simply poorly worded and, frankly, somewhat idiotic at times. The book is structured in an illogical manner, with lots of repetitions and with some good points buried in otherwise fuzzy sections. Still more bits like "Advance persistent threats are constant attacks against an organization or government agency" made me think of people who learned security from reading a newspaper, typos and all. Also, the book lacks realistic case studies. "BlackBerries, iPhones, and smart phones are some of the tools that people are using to connect to the organization", etc, etc just point at the fact that the author should not have gone into writing....
What was the final nail in the coffin for me is this: "Qualified Security Auditor, or QSA, about to walk through the door...." and then "The QSA is less likely to fine someone on a first audit, but simply make note of it and check again the next year."

Dear author, if you don't even know what "QSA" stands for and what QSAs do (NOT fine people!), please don't mention PCI compliance in the book. Finally, the book carries signs of not being edited by a professional editor.

On the positive side, there are a few ideas on using agile concepts for infosec. Agile Principles in Ch 4 are useful to read and internalize. Sadly, such ideas are a major pain to extract from the 120 page ramble.

Disclaimer: the book was provided for free by the publisher
1 of 1 people found this review helpful
3.0 out of 5 stars  too skimpy for the importance of the topic  22 January 2012
By W Boudville - Published on Amazon.com
Format: Paperback
Laskowski offers a migration of the Agile methodology towards the realm of IT security, away from the original programming context. The main message is to do frequent analysis or re-analysis of your IT assets, machines and people, and of possible cracker threats to it.

The various aspects of agile programming are applied in this field. Of these, the use of pair programming now becomes the forming of pairs of IT chaps to look at problems. How realistic is this? In practice, given the budget constraints that many firms have, assigning 2 skilled people to do this might not be possible. More plausibly, one person looks at a problem, and then she tells the entire IT team if it seems serious enough and she needs other opinions. Pair programming was the most controversial aspect of Agile and the book does not give enough space to address objections to it that might also hold in IT.

Unfortunately, the overall discussion is a little sparse. Especially about the threat modelling, upon which much more might have been said, given its saliency. Granted, this is compensated somewhat by the lower price. But an organisation that can afford an IT network and its personnel can spring for a more comprehensive and expensive book.