Computing Reviews
Asset attack vectors: building effective vulnerability management strategies to protect organizations
Haber M., Hibbert B., Apress, New York, NY, 2018. 371 pp. Type: Book (978-1-484236-26-0)
Date Reviewed: Jan 22 2019

Haber and Hibbert give readers a grand tour of the vulnerability management landscape in 24 chapters.

Three somewhat longer chapters are noteworthy. Chapter 2, “The Vulnerability Landscape,” contains the usual suspects, with the biggest focus on social engineering, ransomware, and insider threats. Chapter 14, “Vulnerability Management Development,” discusses the scope, tool selection, the management process, common mistakes and challenges, and building a plan. Chapter 15, “Vulnerability Management Deployment,” covers some major topics: network scanners, dealing with authentication, and many other practical considerations.

The book ends with chapters on “Making It All Work,” “Tales from the Trenches,” “Final Recommendations,” and “Conclusion.” There are also two appendices: a sample request for proposal (RFP) and an RFP spreadsheet. “Tales from the Trenches,” a series of stories from the vendor’s point of view, was a surprise; I would expect a client-side view. The sample RFP and RFP spreadsheet are also significant; I was not expecting such in an otherwise broad but shallow presentation of the topic.

The book includes nothing striking, new, or insightful. On the other hand, there are no clear oversights. It is a decent introductory tour of the vulnerability management landscape. However, don’t assume that you are good to go “touring” with just the book and its RFP and spreadsheet.

Reviewer: A. Mariën
Review #: CR146391 (1904-0116)
Security and Protection (K.6.5)
Security and Protection (C.2.0 ... )
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®