Amazon.com just posted my four-star review of Network Security Evaluation Using the NSA IEM. I've mentioned the IEM before and I am scheduled for IAM and IEM training this month and next. I expect it to be good, as long as I can ignore all of the INFOSEC terminology. I cannot STAND the term "INFOSEC". Why all capitals? It's not an acronym! It must have Navy roots, e.g. SPAWAR. Argh. Anyway, from the review:
"I am a security consultant in the DC area, so I have heard the NSA IAM and IEM terms bandied about the Beltway. I read Network Security Evaluation Using the NSA IEM (NSE) to get a better understanding of the IEM side of the equation. I found the business process coverage of this book helpful, along with the general understanding of the goals of the IAM and IEM. For these two reasons you may find NSE helpful too."
Many of the authors of this IEM book work for Security Horizon, which provides IAM/IEM services and training. You may recognize founder Russ Rogers, who just published the latest issue of his quarterly Security Journal.