Tuesday, February 11, 2014

[Review] The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick


Rating: 4/5
Learning Level: 4/5
Genre: Non-Fiction, Security
Book Review:
Kevin Mitnick was one of the world's most notorious hackers and has since turned into a security specialist. I first heard of him from another of his books, Ghost in the Wires. It was interesting learning his story as a hacker, and learning what he is capable of. And now he passes that knowledge on to us.

Do I like this book? Yes, I do. But I have mixed feelings about recommending this book to most readers. Here is why. To me, this book consists of two parts. The first part (Chapters 1-14) is about interesting and exciting stories of hackers. The second part (Chapters 15-16) is about boring security policy. So, I think most readers would find the first 14 chapters very interesting and exciting. If you are one of these people, you might as well skip the last two chapters, because they are more like a textbook, and we are not in college preparing for a security exam.

If you are a security specialist, on the other hand, you would find this book very interesting and motivating. Chapters 15 and 16 would be especially useful. They act as a great starting point for drafting an IT security policy. You might have to adjust them to fit your needs. But this guideline is very concrete and ready to use.

So, overall, I would recommend this book for everyone (just skip chapters 15 and 16). I would strongly recommend this book for security specialists. It is a great book. The audiobook version is narrated by Nick Sullivan. He did a good job. He made the content vivid and so easy to digest. But again, despite his best effort, chapters 15 and 16 are just too formal and are not easy to digest in audio format. If you want to read them, you should get the text format.

Takeaways:

  • It is our nature to trust people. Evolution makes us use feeling over reason. In ancient times, we needed to use our feelings to survive. Social engineers know this fact quite well. They will exploit our nature of trusting people so easily to get what they want. Nowadays, you cannot trust people just by using feeling.
  • Be nice but skeptical. Don’t trust people so easily. When someone claims something, try to find a nice way to verify it.

Table of Contents

  • Preface
  • Introduction
  • Part 1: Behind the Scenes
    • Chapter 1: Security’s Weakest Link
  • Part 2: The Art of the Attacker
    • Chapter 2: When Innocuous Information Isn’t
    • Chapter 3: The Direct Attack: Just Asking for it
    • Chapter 4: Building Trust 
    • Chapter 5: “Let Me Help You”
    • Chapter 6: “Can You Help Me?”
    • Chapter 7: Phony Sites and Dangerous Attachments
    • Chapter 8: Using Sympathy, Guilt and Intimidation
    • Chapter 9: The Reverse Sting
  • Part 3: Intruder Alert
    • Chapter 10: Entering the Premises 
    • Chapter 11: Combining Technology and Social Engineering 
    • Chapter 12: Attacks on the Entry-Level Employee
    • Chapter 13: Clever Cons
    • Chapter 14: Industrial Espionage
  • Part 4: Raising the Bar
    • Chapter 15: Information Security Awareness and Training 
    • Chapter 16: Recommended Corporate Information Security Policies
  • Security at a Glance
Source: The Art of Deception: Controlling the Human Element of Security
---------------------------------------------------------------------------------------------------------


Book or Audiobooks?

Personally, I prefer audiobooks. They're fun, and I can listen when I'm doing something else. They also make other activities (e.g., jogging) a lot more fun. For more detail about audiobooks, please read [this post].

There is one more reason that may encourage you to go for the audiobook version. You can get it now for FREE. Audible offers you a free trial for 14 days. Even if you get the book and cancel the subscription right away (so that you don't have to pay), you can keep the book. And don't worry if you lose the audiobook file. Just log into audible.com. You can keep downloading it over and over again.

About the summary: It takes time to finish a book. And when you do, sometimes you want to review what you learned from the book. If you do not make notes as you read, you might have to go through the book once again. This can be time-consuming when you are dealing with a book. But you can still flip through the book and locate what you are looking for.

However, when the material is an audiobook, it is extremely hard to locate a specific part of content. Most likely you will have to listen to the entire audiobook once again.

This book summary will help solve the pain of having to go through the book all over again.

I am leaving out the details of the books. Most books have interesting examples and case studies, not included here. Reading the original book would be much more entertaining and enlightening. If you like the summary, you may want to get the original from the source below.

