Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies

Ira says a lot of important things. I like his direction that threats are not advanced, they are persistent. The attackers will use whatever they can and that usually is not high tech. They will simply find some little thing that was not looked after. Like leaving the back door and windows open in your home with a fancy lock on your front door.

Advanced persistent threats (APT) have gotten significant amounts of press over the last few years. When I first scanned the title of this book, I assumed it was on that topic. While Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies does details APT, that’s not the main focus of the book.The books notion of advanced persistent security means ensuring that security is built into every aspect of a system. This goes from endpoint to server, and covers everything in between. In the book, authors Ira Winkler and Araceli Treu Gomes have written a somewhat advanced introduction to security guide. Their premise may not be so earth shattering; but the massive number of security breaches & indicates prove that far too many firms didn’t get the memo about building secure systems.Many organizations have purchased unified threat management (UTM) devices that were meant to be a single all-inclusive security appliance. Too many of them thought that security meant having the device in their data center and not having to do anything else. This is the perfect book for such people, as Winkler and Gomes show that effective information security requires a lot more than a single expensive appliance.The authors write that a more appropriate title for the book would be Adaptive Persistent Security. The aim being that information security systems have to be proactive in nature and design; to which this is not a trivial point. The authors propose methods for more adaptive and comprehensive approaches to information security.Winkler and Gomes write that failure is an integral part of information security. No one can build a system that won’t fail. Rather the systems should be resilient enough when failure does, and eventually occurs. The advanced persistent security methodology they propose means that a security program should proactively adapt to the failures of protection such that any loss is minimized.The authors admit that the book does not provide any technological breakthroughs. Rather they provide advanced methods for implementing already available technologies. At 230 pages, what the book lacks in depth, it makes up for in its tactics for effective information security. For those looking for a methodology to create a more robust information security program, Advanced Persistent Security is a valuable resource.

WOW. Ira nails it!Having been chasing my tail in Cubersecurity for the last 20 years, this book explains it all. This book makes you back up, evaluate your processes and focuses on the CS solution that will provide security that you can understand and implement.

Read at library, in 5 minutes.Another of '1000' general/light/non-tech books on "computer security" general BUZZWORDS!!!Zero value, to me. Suggest the "Look Inside" before wasting more than 10cents on this #1001 such book.

The book provides a great recipe for managing and improving cyber security capabilities in any type of organisation. It is a compass to refer back to if you feel lost or overwhelmed in tackling the security challenge when you are at the helm.It is a little repetitive in sections which makes it longer than it needed to be. It also could have benefited from use of diagrams and more detailed outlines of methodologies around reactive security strategies and assessing budgets for security programmes.It is not a book for the technically inclined nor does it pretend to be. It is more for those advising organisations on how best to approach security and reap the best value out of any effort or investment injected. It will be a valuable guide for those security professionals in the middle of their experience journey and certainly a good reference backup for those more advanced in their professional journey.