The Virtual Bookcase for browsing and sharing reviews of books.

Book details of 'The GSEC Prep Guide : Mastering SANS GIAC Security Essentials'

Title: The GSEC Prep Guide : Mastering SANS GIAC Security Essentials
Author(s): Mike Chapple
ISBN: 0764539329
Language: English
Published: June 2003
Publisher: John Wiley & Sons
The Virtual Bookcase Reviews of 'The GSEC Prep Guide : Mastering SANS GIAC Security Essentials':

Reviewer Rob Slade wrote:
The SANS (System administrators, Audit, Network, Security) Institute GIAC (Global Information Assurance Certification) Security Essentials Certification (GSEC) is supposed to be the "core" program for the various GIAC courses and exams.

Chapter one covers some basic, but random, security concepts and topics. A list of sample questions, intended to help the student/candidate prepare for the GSEC exam, is given at the end of every chapter. If these truly represent the level and type of questions on the exam then getting the GSEC is a snap: quick, which type of situation is worse, one that has low threat and low vulnerability or high threat and high vulnerability? (On the other hand, you may have to know the party line: one question insists that you credit SANS with the concept of defence in depth, and there is a concept of "separation of privilege" that seems to be what everyone else refers to as separation of duties.)

Security policies are discussed in a verbose but almost "content-free" manner in chapter two. Virtually nothing is said about the policy process and different functional types of policies. Again, there is a demand for idiosyncratic jargon: high level policies are "program" policies, whereas detailed policies (mostly procedural, given the list discussed) are "issue-specific." One term that might be worth adopting is "system-specific policy": those who deal with policies know that it is difficult to have exceptions documented. Using this term for deviations, as SANS does, may reduce the resistance to noting the irregularities.

There are some basic ideas about risk assessment and management in chapter three, but most of the text reviews network scanning tools. Chapter four contains network nomenclature, Cisco equipment filtering command arguments, and miscellaneous IP (Internet Protocol) protocols in varying depth. There is a brief list of the titular "Incident Handling" factors contained in chapter five, as well as random legal terms.

The discussion of cryptography in chapter six is reasonable up to the point of symmetric block ciphers, but subsequent material has errors (keystream data should *not* repeat during the course of a message), confusing diagrams, and unhelpful mathematics. There is no deliberation about the usage of public key cryptography, hashes, and digests until chapter seven, which, despite the title, has absolutely nothing to say about "Applications Security."

Chapter eight provides a simple overview of firewalls and intrusion detection systems (IDSs) but is not overly detailed: no distinction is made between application and circuit-level proxies, and some of the statements made are clearly incorrect for circuit devices. There is a grab bag of malware, cryptanalysis, attack methods and more in chapter nine. The content on operations security is limited to assorted aspects and tools of Windows and UNIX that might be related to secure processing, in chapters ten and eleven respectively. Chapter twelve is a practice exam. It's pretty easy.

The GSEC is sometimes said to be adequate preparation for the CISSP (Certified Information Systems Security Professional) exam, but there are significant gaps in GSEC's coverage of the security topic. Although risk assessment and policy are discussed, management issues and access controls get limited substance in GSEC. Security architecture, applications security, physical security, and business continuity are all missing, while operations are restricted to Windows and UNIX. This book does provide some useful direction in regard to information systems security, but readers should be warned that the missing pieces will probably be very important at some point.

copyright Robert M. Slade, 2003

Book description:

* SANS (SysAdmin, Audit, Network, Security) has trained and certified more than 156,000 security professionals.
* This book is the cost-friendly alternative to the $450 SANS materials and $1200 SANS courses, providing more and better information for $60.
* SANS is widely known and well-respected, with sponsors, educators and advisors from prestigious government agencies (FBI), corporations, and universities (Carnegie Mellon) around the world.
* A companion CD contains the Boson test engine packed with review questions.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement