Don Morrill, IT Toolbox:
If you want to read a book that will have an influence on your information security career, or if you just want to read something that points out that we do need to do information security differently, then you need to go pick up a copy of “The new school of information security” by Adam Shostack and Andrew Stewart.
Adam and his co-author have produced a readable, compact tour of the information security field as it stands today – or perhaps as it lies in its crib. What we know intuitively the authors bring forward thoughtfully in their analysis of the information security industry: it is struggling to keep up with the defects in online communication, data storage, and business processes.
Revisando el capítulo 2 titulado “The security industry”, del libro de SHOSTACK y STEWART publicado por Addison Wesley en 2008 denominado The New School of Information Security, se presentan de manera clara y abierta la forma como la industria se da a la tarea de vender la distinción de seguridad de la información, tanto en el tema de productos y servicios, así como en buenas prácticas, listas de chequeo y estándares.
It makes me strangely happy to have our first non-English review.
Finally, Keith Shaw at Network World interviewed me, the podcast is “Why security is failing.”