Contents: Introduction; A Hacker is Made; Preparation and Planning; International Laws and Standards; Passwords and Beyond; Your Information Security Policy; Security Awareness Training; Patch Management; Windows Workstation Security; Basic Server Security; Understanding Firewalls; Protecting Your Website; Wireless Networking; Penetration Testing; Security Through Obscurity; Windows Vista; Email; The Curse of Spam; Viruses; Spyware, Adware and Rogue Dialers; Piracy; File Sharing and ‘P2P’; Backups and Archives; Preventing Internet Misuse; Document Security; Data Theft; Encryption; Employees’ Own Computers; How Hackers Use Search Engines; Denial of Service Attacks; Provisioning and Identity Management; Data Interception; Out of the Office; Social Engineering; E-Commerce Fraud; Intrusion Detection Systems; Outsourcing; Securing your Premises; Forensics; Planning for the Worst; Hardware Theft; Let’s Be Careful Out There; Index

As you can see from the table of contents, Schifreen covers quite a bit of ground. Each chapter is relatively short (7 to 10 pages) and covers the subject from a conceptual and practical view. It’s more along the lines of “here’s a problem, here’s how it affects you, and here’s what you need to do to address it in your organization.” Schifreen was an active hacker who has turned “white hat”, so it’s not like all this is just theoretical material that he’s not actually experienced. He’s done a lot (most?) of this stuff at one time or another, so he knows of what he speaks. It’s also somewhat unique in that it views things from a distinctly English viewpoint. Since he lives in Great Britain, his writing and choice of words are a little unusual to an American. For instance, taking something to the dump is referred to as the “tip”. Prices are stated in pounds, and many of the examples are located in various places in Europe. This particular slant will probably be welcomed by those who are tired of authors who assume that the United States is where all IT takes place.

The only real issue I have with the book is the stated target audience. It is indeed a nontechnical guide to IT security, and much of the emphasis is on protecting your organization. I’m not sure how much value an organization would get out of this unless you’re a small shop who really hasn’t thought much about your computer(s). For a large organization, there’s not enough here to allow you to implement solutions completely (from a technical perspective), and you probably already have techno-geeks that do that. For the small shop, this would open your eyes to potential problems, but again there might not be enough to allow the non-techy user to properly implement AND maintain their security. Still, if the reader is someone who really hasn’t thought much about computer security beyond the occasional virus scan, this book will open their eyes.

Good book, and surprisingly readable given the amount of material covered. Just don’t go into it thinking that this single book will make your company hack-proof and turn you into a security expert…
Rating: 4 / 5

One would be the manager in an IT department where he has security people dedicated to keeping the systems secure. The manager needs the information in this book to keep these people from snowing him with techno-speak about what they are doing.

The other reader would be the owner/manager of a small business who wants or has to set up security for a company. This book will tell him the general concepts and some suggestions on how to get started. For him, this is the place to start. This won’t provide enough information on any of the subjects, but it provides enough that when you go look at the available hardware or software packages you can at least have some idea about the meaning of the words.

The web is a lot like the old west of the movies, law and order is noticably absent. After all, if you have a hacker in Russia, attached to a server in Nigeria, that’s hiding behind a server in China and hustling money from an elderly retired woman in Flowida, who’s in charge. This book gives you a better than average introduction to the common protection systems you may need.

As I said earlier, it’s well written in clear, but not very technical.
Rating: 5 / 5