Monday, August 08, 2005

Review of Network Security Evaluation Using the NSA IEM Posted

Amazon.com just posted my four-star review of Network Security Evaluation Using the NSA IEM. I've mentioned the IEM before and I am scheduled for IAM and IEM training this month and next. I expect it to be good, as long as I can ignore all of the INFOSEC terminology. I cannot STAND the term "INFOSEC". Why all capitals? It's not an acronym! It must have Navy roots, e.g. SPAWAR. Argh. Anyway, from the review:

"I am a security consultant in the DC area, so I have heard the NSA IAM and IEM terms bandied about the Beltway. I read Network Security Evaluation Using the NSA IEM (NSE) to get a better understanding of the IEM side of the equation. I found the business process coverage of this book helpful, along with the general understanding of the goals of the IAM and IEM. For these two reasons you may find NSE helpful too."

Many of the authors of this IEM book work for Security Horizon, which provides IAM/IEM services and training. You may recognize founder Russ Rogers, who just published the latest issue of his quarterly Security Journal.

8 comments:

Anonymous said...

INFOSEC, aside from the acronym, is the unofficial name of one of the NSA's Information Assurance Directorate. The other is SIGINT, or the Signals Intelligence division. I don't know why INFOSEC was chosen... the official name is the IAD.

Anonymous said...

Interesting, tell me Richard, which of these also trouble you:

COMPUSEC- Air Force computer security

OPSEC- DoD operations security

COMSEC- DoD communication security

Do you feel the terms are yelling at you? Are you troubled by the overbearing appearance these terms have on the lowercase words which surround them?

Let it out.

Richard Bejtlich said...

I never used the term COMPUSEC in any Air Force work I ever did, and I don't recall seeing it. As to letting it out -- ARGHH! Thanks, I feel slightly better. :)

Anonymous said...

Have you read the 'Security Assessment' book as well?

I felt that it was a good introduction into the NSA IAM process, but was wondering if the 'Network Security Evaluation' book takes it to the next level or remains in the same 'introduction' phase for IEM???

Thanks

Richard Bejtlich said...

Hello,

I did not read the IAM book.

Anonymous said...

COMPUSEC program details

http://www.e-publishing.af.mil/pubfiles/446aw/33/446awi33-202/446awi33-202.pdf

Richard Bejtlich said...

Citing a 446 Airlift Wing document doesn't count. Citing an Air Force Instruction that came into effect four days after I left active duty is slightly better: .pdf. Yes, I lose the COMPUSEC battle but I do not concede the war on CAPTERMS (capitalized terms).
