Saturday, April 21, 2007

Two Pre-reviews

I'm going to spend more time hanging in the sky over the coming weeks, so I plan to read and review many books. Publishers were kind enough to send two which I look forward to reading. The first is Designing BSD Rootkits by Joseph Kong. I mentioned this book last year. Publisher No Starch quotes me as saying

"If you understand C and want to learn how to manipulate the FreeBSD kernel, Designing BSD Rootkits is for you. Peer into the depths of a powerful operating system and bend it to your will!" The second book I plan to read is
IT Auditing: Using Controls to Protect Information Assets
by Chris Davis, Mike Schiller, and Kevin Wheeler. Contrary to what you might think, I am not instinctively at odds with auditors. In fact, I believe working with them is more productive than working against them. I hope this book, published by McGraw-Hill/Osborne, helps me understand their world.

12 comments:

Michael said...

Don't give in to the auditors, Richard! They'll lure you in with that oh-so-friendly "we're from [the government|big 4|internal audit] and we're here to help" and before you know it, you're teaching them how IDS tuning works.

Not to make an overly-simple generalization, and auditing is hard because you're coming into a system environment that you have no familiarity with, but auditors know what they know and what they know are checklists.

bjarte said...

Hanging in the sky? Skydiving or plane? :)

Thomas said...

Can I be impolitic and ask why you wrote (paraphrase) "... this is the book for you" for a book you hadn't read?

Richard Bejtlich said...

Bjarte -- flying, not skydiving.

Thomas -- I looked at a pre-publication draft before making my comment.

Gabe said...

Switched from IT sec to (internal) auditing as of Jan this year. Can't say I like the hands-off nature, but it gives me much needed business understanding, and a view of a picture from the birds-eye.

That, to my check-list biased friend up there, is astoundingly high-level. How risky something is matters more than anything else. For this reason, we may seem far too checklist based - when looking at minor aspects, I'm sure many of us default to checklists to make sure we remembered everything. For major things, it is our judgment that is needed to analyze the processes.

Of course, I've met auditors who wouldn't know a switch from a Mac mini, so YMMW. I hope to get back into ops one day, in some fashion, but I wouldn't forgo the experience I'm gaining for the world.

Gabe said...

YMMV, even.

Sorry bout that.

Thomas said...

It wasn't the fact that the book was unreleased that made me ask; it's that you said you looked forward to reading it.

Richard Bejtlich said...

Thomas,

I didn't read the entire draft. I plan to read the entire book now that it's published.

Keydet89 said...

Richard,

My book is now out from the printer and on its way to the bookshelves! My publisher told me that it's number 8 or so on your Amazon wishlist, and we're going to send you a copy for review.

Hope you like it...

Harlan
http://windowsir.blogspot.com

Richard Bejtlich said...

Let me clarify what I mean by "reading and reviewing." When I read and review a book, I sit down with the printed copy, a pen, and a pad of paper. I read, underline, add notes in the margins, follow URLs, do research, etc. It's beyond what you might consider "reading," especially as it pertains to a .pdf. I don't consider a book "read" until I've digested it in this manner.

Keydet89 said...

Richard,

So what're you saying?

Harlan

Thomas said...

Wokay. That makes sense.