A Practical Guide to Security Assessments

Book Description

The modern dependence upon information technology and the corresponding information security regulations and requirements force companies to evaluate the security of their core business processes, mission critical data, and supporting IT environment. Combine this with a slowdown in IT spending resulting in justifications of every purchase, and security professionals are forced to scramble to find comprehensive and effective ways to assess their environment in order to discover and prioritize vulnerabilities, and to develop cost-effective solutions that show benefit to the business. A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for building and maintaining an information security program. In addition to the methodology, the book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments. This guide is for security professionals who can immediately apply the methodology on the job, and also benefits management who can use the methodology to better understand information security and identify areas for improvement.

Customer Reviews:

Excellent Resource.......2004-12-28

Excellent. This book is a practical approach to security assessment from planning to the final report. Being in this field for over ten years, this is the first book that truly provides the appropriate level of guidance from not just the security assessment but also from the business standpoint where it looks at involved risks. The appendix is excellent and extremely useful, particularly the questionnaires, which can be modified, based on the type of assessment/client. The book is well structured and very clear, and provides a logical approach to addressing and assessing information security issues. Highly recommended reading.

Performance of Computer Communication Systems: A Model-Based Approach

Average customer rating:

Probably the best modeling book around!

Performance of Computer Communication Systems: A Model-Based Approach
Boudewijn R. Haverkort
Manufacturer: Wiley
ProductGroup: Book
Binding: Hardcover

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
ASIN: 0471972282

Book Description

Performance of Computer Communication Systems A Model-Based Approach Boudewijn R. Haverkort Rheinisch-Westfälische Technische Hochschule Aachen, Germany Computer communication systems and distributed systems are now able to provide an increasing range of services. As the timing requirements in the operation of these services are becoming crucial for the global community. performance assessment and selection of communication and distributed systems are, therefore, becoming more important. In this book, the author illustrates the techniques and methods used to evaluate the performance of computer communication systems, thereby covering all aspects of model-based performance evaluation. Unlike other books on this topic, there is no restriction to a particular performance evaluation technique. Notable features in this book include:
* coverage of all major techniques of performance evaluation
* non-mathematical problem solving approach, explaining and illustrating performance evaluation techniques
* assessment techniques for stochastic processes, single server queues, networks of queues and stochastic Petri nets
* numerous application studies, including token ring systems, client-server systems, and wide-area networks
* substantial number of practical exercises and examples.
For computer or electrical engineers who design and implement computer communication systems, this book provides an excellent overview of the methods and techniques used to construct and solve performance models. It is also a valuable source of information for postgraduate students in computer science and related subjects. Visit Our Web Page! http://www.wiley.com/

Customer Reviews:

Probably the best modeling book around!.......2007-01-22

I consider this book a lucky find. As you can probably guess, I have nearly every book remotely related to computer performance modeling, which you'll see if you look at my guide to building a web site that doesn't frustrate customers. But for some reason, I didn't have this one. When I did get a copy, it quickly became one of my favorites!

The book starts with a good foundation in stochastic processes (Part I) and single-server queuing models (Part II). The highlight of the second part is chapter 8 on phase-type distributions, quasi-birth-death processes and matrix geometric methods. I have not found much on this approach elsewhere that's accessible to a practitioner, so if you, like me, have a large collection and are looking for a reason to add this book, here's one!

Part III covers queuing networks. There isn't much here you won't find in other books, although it's explained in more detail and covers more of the history of the subject than many of the basic books. Few of today's books go beyond mean value analysis for closed networks, for example; it's very rare that the convolution algorithm is even mentioned.

Part IV covers stochastic Petri net models. Most of this, except for chapter 17 on infinite state stochastic Petri nets, is available in other books. But, like chapter 8, you won't find the material in chapter 17 in an accessible form anywhere else. And a number of the other books on stochastic Petri nets have gone out of print. So chapter 17 is reason two to add this one to a collection.

Part V consists of one chapter on simulation. I personally think simulation has gotten way too much bad press. Analytical modeling proponents are fond of whining about how long it takes to build simulation models, how long it takes to run them, etc. I don't personally do simulation, but there are numerous situations where it's the "right thing to do".

In summary, I think this is currently the best advanced modeling book available. If you want to go beyond mean value analysis, get this one. It covers stochastic processes, single queues, queuing networks, stochastic Petri nets and simulation.

Performance by Design: Computer Capacity Planning By Example

Average customer rating:

Excellent Representation of Complex Thoery with real world examples
Factoring performance into the development lifecycle
Outstanding introductory book to a complex topic

Performance by Design: Computer Capacity Planning By Example
Daniel A. Menasce , Lawrence W. Dowdy , and Virgilio A.F. Almeida
Manufacturer: Prentice Hall PTR
ProductGroup: Book
Binding: Paperback

Systems Analysis & Design | Computer Science | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0130906735

Customer Reviews:

Excellent Representation of Complex Thoery with real world examples.......2006-12-29

Capacity and Performance management is a very complex subject. I have read a couple of books. Most of them had dry theory without supporting examples. In some cases, I abruptly stopped reading. These type of books may be good to people who are quite fresh from the academic world. Having worked for sometime, one would desire a book with simple but strong fundamentals and more of relating examples.

This book stood out to my quest. The pace of the coverage was gradual from Gear 1 to Overdrive. Every ounce of theory was supported with examples. Normally I would skip theory and look for examples. But here I enjoyed reading theory. Well Written!

The Case Studies were real world examples. I gained a lot reading this book. Would recommend this book for Technology professionals who want to switch to Capacity and Performance Management.

I would definitely want Mr Menasce and his team to write books on the same topic to address real world end-to-end and new challenges like Petri Nets, Technology Consolidation, Data Warehousing, GRID, Utility Computing, Virtualisation etc. This should definitely help the Technology Community at large.

Factoring performance into the development lifecycle.......2004-02-12

"Performance by Design" provides both a conceptual and a practical framework for experienced software developers that want to get started building quality applications using performance engineering techniques.

Performance engineering is a discipline that attempts to integrate concerns about the responsiveness of computer applications and their capacity requirements into standard application development practices, which otherwise focus almost exclusively on meeting functional requirements. Just like not getting the functional spec right in the early stages of the application development lifecycle can lead to a cascading series of design and implementation decisions that are difficult to reverse in later stages of the development process, neglecting performance considerations until after the applications has met its functional requirements is often too late to tackle them effectively.

The first part of the book surveys a wide range of performance modeling and capacity planning techniques, served up in clear, concise language with a minimum of mathematics. It is a gentle introduction to analytic queuing networks written at the level that any advanced undergraduate Computer Science student ought to be able to master. The heart of the book, representing Chapters 5 through 9, is a series of Case Studies that rounds out and concludes Part 1. Each of the case studies deftly illustrates another analytic technique that a performance engineer needs to understand how to apply. Chapter 5, for instance, steps through descriptive statistics and cluster analysis as it discusses what is involved in deriving model parameters for a simple database transaction workload. Chapter 6 builds upon this discussion by solving a simple multi-class model, delving into confidence limits and the use of a factorial design to limit the number of trials of a benchmark experiment. Finally, Chapter 9 illustrates using software performance engineering techniques to model a new application during its initial development phases, beginning with the database design.

The first half of the book is designed to stand alone if the Reader doesn't have the stomach for the rigorous mathematical treatment of analytic queuing models that characterizes Part 2. The second half of the book should be familiar territory to readers of Menasce's other books on performance modeling, beginning with Markov chains and proceeding through Mean Value Analysis. The final two chapters describe approaches to modeling serialization delays and servers that have load-dependent performance characteristics, two topics that are essential to accurate models of application-level performance.

The great challenge of the performance engineering approach is how to persuade experienced applications developers to adopt these techniques. "Performance by Design" is aimed at getting software developers to pay closer attention to performance concerns throughout the application development life cycle. Compared to other books on the subject, this may be the best attempt yet to promote the practice of performance engineering as a discipline that deserves to be integrated into the wider context of application development.

Outstanding introductory book to a complex topic.......2004-01-30

This team of authors has produced yet another invaluable book for practitioners who perform capacity and performance planning, as well as students who are introduced to this topic for the first time. Unlike earlier works by the authors, which addressed performance in specific systems environments such as client/server, e-business and web services, this book is more general. Therein lies the true value - it teaches the fundamentals and will not be soon outdated.

The book is structured into two parts - Part I consists of four chapters that lay the foundation. Chapter 1 covers system life cycles, Chapter 2 moves the reader from systems to descriptive models of the systems, and Chapters 3 and 4 delve into the essence of performance - quantifying performance models and giving a performance engineering methodology. This material is reinforced with five chapters, each of which is a case study of a specific performance problem. These include database services, web servers, data center, e-business services and help-desk services.

Part II, The Theory of Performance Engineering, addresses the underlying knowledge that performance and capacity planners will need in order to approach their tasks using true quantitative methods. The six chapters in this part of the book cover the following topics in detail, and are clearly and succinctly written: Markov models, single queue systems, single class MVA (Mean Value Analysis), queuing models with multiple classes, queuing models with load dependent devices, and non product-form queuing models. Armed with a knowledge of these fundamentals you should be able to tackle complex performance and capacity problems, both in the software engineering domain when a system is being designed, and in the operational support domain when service level management and availability are the goals. In addition to the way the authors step you through complex math in a clear, easy-to-understand manner, this material is augmented by Microsoft Excel workbooks that bring the material to life. Nearly every chapter has associated workbooks and spreadsheets that can be downloaded from the web site that supports this book, adding considerably to the value of the material.

Book Description

Does technology really add value? If so, when? What's the best way to quantify and maximize technology ROI? The IT Payoff gives you powerful new tools for answering critical technology investment questions. Discover where technology can add the greatest value; when to adopt new technologies; how to coordinate process and technology change, and more. Includes new metrics, hands-on templates, and a complete action plan for making smarter funding decisions!

One of the 5 Best Technology Books as cited by About.com

Download Description

Customer Reviews:

The IT Payoff Review.......2007-02-20

Easy to read book. Get's straight to the point. However, the case studies are out of date. A new, updated version is needed!

The IT Payoff: Measuring the Buiness Value of Information Technology Investments.......2006-11-10

Practical methodogy was introduced, it provides specific templates, metrics, and tools for making funding and IT investment decisions. It should be recommended reading for IT executives and managers.

The book is great however . . . . ........2005-05-07

The content appears to be good however I made the mistake of buying the digital e-book version without knowing that there is a form of protection that doesn't permit printing to paper.

The only reason I purchased it in this format was I needed it very quickly (I'm in Australia) for an assignment due this week so I can PRINT the book out, read it now and while travelling to and from work.

What a bloody shame. Amazon - why don't you highlight the above fact at least against all applicable e-books you sell so that the customer knows before he/she splurges any money instead of hiding it in a help or FAQ file. Last time I'll buy an ebook from here or anywhere where I can't print it out.

Great articulation of issues, poor analysis of solutions.......2003-10-30

I have trouble in understanding how this book got such positive reviews. I found it to provide a very eloquent and succinct description of the issues, but nothing very insightful in terms of solution, or recommendations. The model they present is obvious to the point of uselessness, and does not offer any real help in how to evaluate investments more effectively. Specifically what is missing for me is that the authors are still tied to the world where the IT project deliverers take no responsibility for the business (financial) outcome of their work. What I'm looking for is a proposal for model of IT projects that brings the business value into the heart of the project methodology, rather than as a parallel exercise.

In summary the book is painfully academic with fleeting references to a small number of case studies. This is a book that brings nice introduction to the issues for a student, but is of no value to the practitioner. This is an important area and it deserves more.

Fantastic Work.......2003-07-23

Clearly written, conveys the essence of making IT worthwhile. This book makes be believe in the long term promise of IT.

I particularly like the practical applications and references to successful methods. This book provides well grounded and leading edge, yet practical, methods to improve IT returns.

Overall, this book gives a clear road to increasing the value of the IT investment. Each organization should weigh which aspects to apply in its practices.

The main method is the age-old concept of measure what you want to manage. The book builds extensively on this concept and provides clear direction.

Although the manage by facts and measure, measure, measure themes are common in business thought, the proper application to the issues in corporate IT are insightful.

The pedigree and background of the authors is impressive. Combined with their experience and demonstrated rigour, this gives the book a basis of actionable credibility.

Customer Reviews:

Excellent Book on Systems Design.......2000-05-01

This book is a wonderful introduction into systems design and analysis. It is fairly technical, but it has a wealth of information on failure modeling and prediction. A very good reference book, as well as a nice introduction to a soon-to-be very hot topic.

Managing Business with SAP: : Planning Implementation and Evaluation

Average customer rating:

Managing Business with SAP: : Planning Implementation and Evaluation

Manufacturer: Idea Group Publishing
ProductGroup: Book
Binding: Hardcover

General | Business & Investing | Subjects | Books

MIS | Industries & Professions | Business & Investing | Subjects | Books

General | Computers & Internet | Subjects | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

SAP Planning: Best Practices in Implementation

ASIN: 1591403782
Release Date: 2005-03-22

Book Description

At a time when many companies, particularly in the technological field, are continuously laying off workers, SAP, Inc. and organizations using the Enterprise Resource Planning (ERP) and SAP concepts and software packages, on the other hand, are in need of more IT professionals familiar with their software applications. Although the popularity of ERP/SAP has reached an all time high, there are not many studies available in this field. This book provides both practitioners and academicians with a comprehensive review and an in-depth understanding of this interesting area, and at the same time, addresses important issues relating to the successful implementation of ERP/SAP systems. The scope expands from the history of SAP to the availability of a strategic implementation plan to ensure the successful and effective deploration of the implementation approach.

Evaluation of R&D Processes: Effectiveness Through Measurements

Average customer rating:

Evaluation of R&D Processes: Effectiveness Through Measurements
Lynn Ellis
Manufacturer: Artech House Publishers
ProductGroup: Book
Binding: Hardcover

General | Business & Investing | Subjects | Books

MIS | Industries & Professions | Business & Investing | Subjects | Books

Management | Management & Leadership | Business & Investing | Subjects | Books

Operations Research | Management & Leadership | Business & Investing | Subjects | Books

Total Quality Management | Management & Leadership | Business & Investing | Subjects | Books

Entrepreneurship | Small Business & Entrepreneurship | Business & Investing | Subjects | Books

General | Science | Subjects | Books

Innovations | Technology | Science | Subjects | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Business & Investing | Qualifying Textbooks - Fall 2007 | Stores | Books

Science | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0890067910

Book Description

Written for research and development managers, this is a practical guide to using quantitative measurement techniques to gauge financial and non-financial company goals. Fifteen information-filled chapters show how to effectively choose R&D projects, create a customer satisfaction and effectiveness index, measure every component of "idea-to-customer" time, and create a "balanced scorecard" which focuses on innovation rather than implementation. The book also explains how to relate R&D procedures to external technical and commercial areas, explores new methods of evaluating and practicing time management, and shows how to use cross-functional teams to integrate R&D with other company functions. Each chapter concludes with a special "Lessons Learned" section that highlights how to put the information provided to practical use.

Mastering System Center Operations Manager 2007 (Mastering)

Average customer rating:

Mastering System Center Operations Manager 2007 (Mastering)
Brad Price , John Paul Mueller , and Scott Fenstermacher
Manufacturer: Sybex
ProductGroup: Book
Binding: Paperback

MIS | Industries & Professions | Business & Investing | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

ASIN: 0470119306

Book Description

Providing intermediate- and advanced-level coverage of all aspects of System Center Operations Manager (SCOM) 2007, this invaluable resource discusses designing, planning, deploying, managing, maintaining, and scripting SCOM 2007
Millions of IT professionals work in Windows Server environments and this book delivers exactly the information that systems administrators and network application developers need to deploy, manage, and maintain SCOM 2007
A hands-on approach offers numerous real-world scenarios to show readers how to use the tool in various contexts
The companion Web site contains a collection of ready-to-use scripts with directions for implementing them in network systems

TREC: Experiment and Evaluation in Information Retrieval (Digital Libraries and Electronic Publishing)

Average customer rating:

TREC: Experiment and Evaluation in Information Retrieval (Digital Libraries and Electronic Publishing)

Manufacturer: The MIT Press
ProductGroup: Book
Binding: Hardcover

Online Books | Books & Reading | Literature & Fiction | Subjects | Books

General | Reference | Subjects | Books

Look Inside Reference Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0262220733

Book Description

The Text REtrieval Conference (TREC), a yearly workshop hosted by the US government's National Institute of Standards and Technology, provides the infrastructure necessary for large-scale evaluation of text retrieval methodologies. With the goal of accelerating research in this area, TREC created the first large test collections of full-text documents and standardized retrieval evaluation. The impact has been significant; since TREC's beginning in 1992, retrieval effectiveness has approximately doubled. TREC has built a variety of large test collections, including collections for such specialized retrieval tasks as cross-language retrieval and retrieval of speech. Moreover, TREC has accelerated the transfer of research ideas into commercial systems, as demonstrated in the number of retrieval techniques developed in TREC that are now used in Web search engines.

This book provides a comprehensive review of TREC research, summarizing the variety of TREC results, documenting the best practices in experimental information retrieval, and suggesting areas for further research. The first part of the book describes TREC's history, test collections, and retrieval methodology. Next, the book provides "track" reports -- describing the evaluations of specific tasks, including routing and filtering, interactive retrieval, and retrieving noisy text. The final part of the book offers perspectives on TREC from such participants as Microsoft Research, University of Massachusetts, Cornell University, University of Waterloo, City University of New York, and IBM. The book will be of interest to researchers in information retrieval and related technologies, including natural language processing.

A Guide to Software Package Evaluation & Selection: The R2ISC Method

Average customer rating:

solid coverage of the topic
Practical and solid approach to selecting software
Highly recommended reading for software selection
Nathan Hollander Scores With a Great Book

A Guide to Software Package Evaluation & Selection: The R2ISC Method
Nathan Hollander
Manufacturer: American Management Association
ProductGroup: Book
Binding: Paperback

General | Business & Investing | Subjects | Books

General | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

ASIN: 0814405533

Book Description

Finding the right software for a company is downright scary! Whether it's for inventory, e-commerce, accounting, e-mail, or whatever else the company needs, a poor software decision has negative ripple effects that can undermine business for years to come (and damage reputations as well).

This pragmatic book is for anyone charged with evaluating and choosing an application. It provides a systematic method for selecting the best software. In careful detail, the book guides readers through each key step to obtaining a package that meets their needs, based on: critical requirements, budget, culture, and in-house technical expertise. Readers learn how to:

* Create a request for proposal (RFP), and then understand how to thoroughly evaluate the vendors' responses * Accurately compare requirements against the package * Ensure that the vendor demonstrations really help them determine if the software can do the job they need * Investigate the software company to make sure it's reliable * Negotiate the contract to the organization's advantage.

Customer Reviews:

solid coverage of the topic.......2007-06-05

as a mid/large size bank, we buy software all the time. lots of people with different backgrounds get involved in the decision and it helps to have a few project managers and business decision makers to use this as a reference. after you do this a few times, it becomes second nature but for anyone that is doing this for the first time, this can be a help guide the project and more importantly, avoid costly mistakes.

Practical and solid approach to selecting software.......2002-06-02

This book provides both selection criteria and a process in which to apply them. It's based on the author's R2ISC method. This method stands for Requirements (current and future), Implementability, Supportability and Cost. Both the criteria and the process are provided in detail and in a step-by-step approach, which has the following benefits:

(1) Ensures that the major selection factors are thoroughly examined.
(2) Reduces cost and technical risks by examining those aspects of the selection.
(3) Addresses the alignment of requirements to business needs, which is often overlooked when IT is entrusted to perform selections (the main failure I've observed is that IT gets too caught up in technical details and features without looking at the way packages support business requirements - this book's approach will prevent that from happening if followed).

Criteria in more detail are:
- Current requirements: how well does the package being evaluated map to current
business needs
- Future requirements: can the package being evaluated be modified to support future business needs (which you will need to forecast).
- Implementability: what is required to implement the package (how well does it fit into your existing technical environment and strategic technology plan)
- Supportability: How much training is required? Are special skills needed that need to be hired or contracted? Are there impacts to existing systems, processes and workload?
- Cost: TCO - total cost of ownership. What will ongoing support, including vendor contracts, cost. This is where the real surprises emerge because the initial costs of a package are but a fraction of the true cost.

The R2ISC process is straightforward and looks deceptively easy at a high level. It consists of the following Set the Goal (rate each package under evaluation against the R2ISC criteria), Narrow the Field (the short list), Select the Winner and Sign the Contract. The last step is the one that is fraught with peril and can undo the best evaluation if the contract is improperly negotiated. The book gives excellent pointers.

If you are faced with software selection this book will give you a clear set of criteria and a process. Be aware that the approach looks easier on paper than it is in practice. This is not a criticism of the book or the approach, both of which are excellent, but a warning that the process takes hard work and due diligence - two ingredients that no book can provide.

Highly recommended reading for software selection.......2001-06-13

Excellent book for both an IT professional or business manager. Presents a well planned methodology and rating method for selecting a software package. Includes plenty of examples. Also includes project planning for the selection process, RFP essentials, contract negotiations, workshops, scripted demos,...

Book has some editing problems but they are minor compared to the overall content of the book.

Nathan Hollander Scores With a Great Book.......2001-05-19

Nathan Hollander is an excellant author of this great guide to software package evaluation & selection. It is great for those new to the computer world and also for those entrenched in the computer sciences. This guide is easy to follow and with its great detail allows the reader to understand the R2Isc method. Personally, I use this book as a guide and quick refference as well as recomending it to my students. Hollander is gold with this, his third guide, and I recomend the use of this book to anyone interested in expanding their knowledge of computers.

Books:

Books Index

Books Home

Recommended Books