Managing the human factor in information security

Managing the human factor in information security : how to win over staff and influence business managers / David Lacey, Wiley, 2009

Here is a really useful book for the IT admin in charge of security. Attackers con insiders too easily, and we need to counter the problem with the help of all employees. “I’m really interested in reading this book and, frankly, once it’s published, I’ll be one of the first to buy it.” — Dr. Eugene Schultz

Security data visualization

Security data visualization : graphical techniques for network analysis / Greg Conti, No Starch Press, 2007

How do you analyze the logs from your firewalls, IDSs, and web servers? They are large, and many people don’t have time to even peek at them. This book discusses ways to use graphical tools to display patterns gleaned from the logs so you can visualize the problem. Several open source projects are discussed.

Professional rootkits

Professional rootkits / Ric Vieler. Wiley, 2007.

A programmer’s book on writing rootkits for Windows. Here are lots of details on how to hack someone’s machine, though minimal discussion of virtualization. Written by an ‘Ethical Hacker’, this book will be useful to security pros who need to harden systems, or reverse engineer malware. Unfortunately, it might be quite useful to blackhats.