Description:
A Radically New Approach to Structuring, Evaluating, and Investing in IT Security

Why is the security industry so dysfunctional? Are you wasting the money you spend on security? This book shows how to spend it more effectively. How can you get better data to make more effective security decisions? This book explains why professionals have taken to studying economics, not cryptography--and why you should, too. And why security breach notices are the best thing to ever happen to information security.

It's about time someone asked the biggest, toughest questions about information security. Security experts Adam Shostack and Andrew Stewart don't just answer those questions--they offer honest, deeply troubling answers. They explain why these critical problems exist and how to solve them. Drawing on powerful lessons from economics and other disciplines, Shostack and Stewart offer a new way forward. In clear and engaging prose, they shed new light on the critical challenges that are faced by the security field. Whether you're a CIO, IT manager, or security specialist, this book will open your eyes to new ways of thinking about--and overcoming--your most pressing security challenges. The New School enables you to take control, while others struggle with non-stop crises.

After decades of hard work by some of the world's smartest people--and billions of dollars invested--IT security ought to be demonstrably getting better. Why isn't it? And what can we do about it? In The New School of Information Security, leading security experts Adam Shostack and Andrew Stewart offer provocative, compelling answers to both questions.

Shostack and Stewart start with the big picture: why huge IT security failures keep happening, and why the investments you're making in IT security rarely deliver the results they promise. Next, they offer a set of coherent, innovative solutions for both the security industry and its customers.

Leveraging important new insights from diverse fields, Shostack and Stewart show how to capture the most relevant information for decision-making, and make the smartest decisions about how you organize and invest in security. They show how new technologies will--and won't--help you deal with tomorrow's fundamental problems. And they identify specific, practical actions you can take now to improve security in your organization and throughout the industry--whether you're a security user, supplier, or both.

Better evidence for better decision-making
Why the security data you have doesn't support effective decision-making--and what to do about it

Beyond security "silos": getting the job done together
Why it's so hard to improve security in isolation--and how the entire industry can evolve to make it happen

Amateurs study cryptography; professionals study economics
What IT security leaders can and must lea
Author bio:
Adam Shostack is part of Microsoft's Security Development Lifecycle strategy team, where he is responsible for security design analysis techniques. Before Microsoft, Adam was involved in a number of successful start-ups focused on vulnerability scanning, privacy, and program analysis. He helped found the CVE, International Financial Cryptography association, and the Privacy Enhancing Technologies workshop. He has been a technical advisor to companies including Counterpane Internet Security and Debix.