| Subcategories |
 |
Computers & Internet |
|
|
|
|
 |
 |
| |
|
|
|
|
|
The Art of Deception: Controlling the Human Element of Security
written by Kevin D. Mitnick, William L. Simon
Studio : Wiley
by Wiley
Publisher : Wiley
Released : 2002-10-11
Availability : Usually ships in 24 hours
Number of Items : 1
Avg. Customer Rating: (based on 124 reviews)
List Price : $16.95
Our Price : $9.99
|
|
| |
|
Product Description |
The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security. |
| |
|
Americancivilwar.com Review |
|
The Art of Deception is about gaining someone's trust by lying to them and then abusing that trust for fun and profit. Hackers use the euphemism "social engineering" and hacker-guru Kevin Mitnick examines many example scenarios. After Mitnick's first dozen examples anyone responsible for organizational security is going to lose the will to live. It's been said before, but people and security are antithetical. Organizations exist to provide a good or service and want helpful, friendly employees to promote the good or service. People are social animals who want to be liked. Controlling the human aspects of security means denying someone something. This circle can't be squared. Considering Mitnick's reputation as a hacker guru, it's ironic that the last point of attack for hackers using social engineering are computers. Most of the scenarios in The Art of Deception work just as well against computer-free organizations and were probably known to the Phoenicians; technology simply makes it all easier. Phones are faster than letters, after all, and having large organizations means dealing with lots of strangers. Much of Mitnick's security advice sounds practical until you think about implementation, when you realize that more effective security means reducing organizational efficiency--an impossible trade in competitive business. And anyway, who wants to work in an organization where the rule is "Trust no one"? Mitnick shows how easily security is breached by trust, but without trust people can't live and work together. In the real world, effective organizations have to acknowledge that total security is a chimera--and carry more insurance. --Steve Patient, amazon.co.uk |
| |
|
| |
|
Definitve Text on Social Engineering |
|
Definitive discussion of "social engineering" or deceptive practices to gain access to a company's data. Typically information security discussions center on technology (antivirus, firewall, intrusion detection), but this book makes clear that the weakest link in most security chains are the people in the organization. Only through a good policy and training can this weakness be addressed. A must read for anyone seriously interested in information security. |
| |
|
The Art of Deception - will change your perception... |
Wow! This is a must read book for just about everyone, even those who have not entered the information age yet.
In a world that incessantly grows complex and beyond the understanding of the common man, one simply cannot cope with the new risks and threats that arise on a daily basis. This leads to innocent mistakes that can cause us serious harm.
Often - techies and geeks believe technology is the answer - and to an extent that is true; however, the human element is the weakest link - and this book shows that in a nice way.
Read this book to understand the ploys used, the tactics of a vicious mind (or mischevious), and how easy it is for a vast majority of the people to fall victim. The good thing is that you will get ideas on what you and your company should be doing different.
Remember - although you will learn a lot - maintaining your guard and building immunity against deception is a moving traget. As such - you will need to strive and go beyond the many points covered in the book.
Read it and implement better practices in your work and life without any delay...the risks are not worth it. |
| |
|
Frightening |
Read this book or become a victim! Not only will you learn the how's and why's of social engineering, but you will also be thoroughly entertained by Mitnick's stories. Everyone in the security field should consider The Art of Deception required reading. Let me rephrase that - everyone should be required to read this book. Period.
This would be a great book to recommend to your employees as part of security awareness training. The text is accessible and drives the message home that social engineering is a very real threat. |
| |
|
Social Engineering 101 - Read It or Become a Victim |
"The Art of Deception" was recommended to me by an instructor teaching a CISSP prep class. It is both an enjoyable and informative read. Mitnik is the "real deal" in exploiting social engineering techniques and his books should be required reading by corporate security policy makers (and I am sure it is for many already).
This book illustrates various techniques for bypassing established corporate physical and information security security policies. I have actually inadvertently used some of these techniques when troubleshooting network issues or having forgotten my passcard to gain access to systems and rooms. It is often easier to bypass the rules than to go through the steps needed to obtain proper access and people are surprisingly willing to cooperate "just this one time".
This book will help you sensitize your employees to the risks of bypassing security policy and recognize when this might be occurring. Highly recommended! |
| |
|
Awesome book |
|
This is a complex read, not that it has good literary qualities, but in that it is packed with information that relates to other information within the book, and gaining an overall "bigger-picture" understanding of the concepts withing this book requires multiple readings. |
| |
|
|
|
