Review of Network Security Evaluation Using the NSA IEM Posted

Amazon.com just posted my four-star review of Network Security Evaluation Using the NSA IEM. I've mentioned the IEM before and I am scheduled for IAM and IEM training this month and next. I expect it to be good, as long as I can ignore all of the INFOSEC terminology. I cannot STAND the term "INFOSEC". Why all capitals? It's not an acronym! It must have Navy roots, e.g. SPAWAR. Argh. Anyway, from the review:

"I am a security consultant in the DC area, so I have heard the NSA IAM and IEM terms bandied about the Beltway. I read Network Security Evaluation Using the NSA IEM (NSE) to get a better understanding of the IEM side of the equation. I found the business process coverage of this book helpful, along with the general understanding of the goals of the IAM and IEM. For these two reasons you may find NSE helpful too."

Many of the authors of this IEM book work for Security Horizon, which provides IAM/IEM services and training. You may recognize founder Russ Rogers, who just published the latest issue of his quarterly Security Journal.

Comments

Anonymous said…
INFOSEC, aside from the acronym, is the unofficial name of one the NSA's Information Assurance Directorate. The other is SIGINT, or the Signals Intelligence division. I don't know why INFOSEC was chosen...the official name is the IAD.
1:50 PM
Anonymous said…
Interesting, tell me Richard, which of these also trouble you:

COMPUSEC- Air Force computer security

OPSEC- DoD operations security

COMSEC- DoD communication security

Do you feel the terms are yelling at you? Are you troubled by the overbearing appearance these terms have on the lowercase words which surround them?

Let it out.
6:22 AM
Richard Bejtlich said…
I never used the term COMPUSEC in any Air Force work I ever did, and I don't recall seeing it. As to letting it out -- ARGHH! Thanks, I feel slightly better. :)
7:34 AM
Anonymous said…
Have you read the 'Security Assessment' book as well?

I felt that it was a good introduction into the NSA IAM process, but was wondering if the 'Network Security Evaluation' book takes it to the next level or remains in the same 'introduction' phase for IEM???

Thanks
7:16 PM
Richard Bejtlich said…
Hello,

I did not read the IAM book.
8:19 PM
Anonymous said…
COMPUSEC program details

http://www.e-publishing.af.mil/pubfiles/446aw/33/446awi33-202/446awi33-202.pdf
1:31 PM
Richard Bejtlich said…
Citing a 446 Airlift Wing document doesn't count. Citing an Air Force Instruction that came into effect four days after I left active duty is slightly better: .pdf. Yes, I lose the COMPUSEC battle but I do not concede the war on CAPTERMS (capitalized terms).
2:18 PM
Anonymous said…
This comment has been removed by a blog administrator.
7:27 AM
Post a Comment

Popular posts from this blog

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti...
Read more

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technica...
Read more