I was privileged to be asked to review an advance copy of the eBook recently released by Pete Zerger and Wes Kroesbergen on the subject of Information Security. Targeted at an executive audience, the eBook discusses the current state of information security and the challenges that face the security officer in the current environment. It is quite short, at only 35 pages – really, more of a whitepaper, but manages to compress a lot of good information into it – making it perfect for a quick read on an airplane.
In the first chapter, the authors set the stage – it’s a lot of information that CISOs are no doubt painfully aware of, covering the usual data regarding the frequency and likelihood of the breach, the type and amount of data that is involved, and the constant (and increasing) evolution of the IT industry, as users become more accustomed (and able) to work outside of the office.
In the following chapters, the book expands on how to protect the modern, decentralized network from the kinds of attacks that are becoming all too common, from the perspective of a Microsoft-centric environment. Stepping through the anatomy of an attack, the authors discuss how attackers move through your network, and how to defend each point. Of course, the story is somewhat spun in favour of the defenders (the attacker, once thwarted, may change tactics) but there’s significant defense capabilities discussed, which, due to their nature, are challenging to pivot around. The solutions presented take a tactical approach, rather than trying to address a specific need – according to the book, organizations frequently run forty or more security solutions! The authors work through defense of email, network infrastructure, user endpoints, server infrastructure, and cloud computing – IaaS, PaaS, and SaaS.
As an IT Professional or consultant, the book is useful to help understand how Microsoft is setting the bar for information security, and can help you advise your colleagues elsewhere in the business. This is also useful for executives and account executives who need to have a simple and quick understanding of the Microsoft security environment.
Microsoft’s holistic approach is flexible and resilient against modern attackers, and the book presents it in an understandable manner, without being overly verbose or technical. I definitely learned some things reading through it, particularly with regards to the behaviour of some of the newer defense mechanisms.
You can get your own copy of the book at http://modernsecurity.info, and make sure to pass it along to your CISO!