|How The Book
Security concepts are organized based on business needs, as opposed to technological similarity. We’ve tried to focus on how these concepts relate in terms of practical business functionality. For example, network monitoring is discussed in Part 1, "Managing Security" rather than in a section on intrusion detection. For people with a technical background, this method of organization may seem strange. But one of our goals is to change the way people think about security. As we’ll say many times throughout the book, security is not a technological issue; it’s a business issue.
As an end-to-end experience, we’ve organized the chapters into parts based on a managerial view of security. We can best explain our view with an analogy to building and securing a house:
Challenging as it was, we tried to make each chapter stand on its own without relying on the knowledge found in other chapters. As a result, a technology or conxviii cept is not mentioned in passing unless it has been previously given a clear explanation. That said, understanding the surrounding concepts always helps, which is why each chapter contains a section that links to related chapters ("Making the Connections"). In a similar vein, each part also starts with a "Connecting the Chapters" section that shows how the part’s chapters interrelate.
How the Chapters are Organized
Each part of the book has a title that describes a business-level need. Examples of part titles are “Managing Security,” “Accessing Information,” and “Storing Information.” The chapters within each part discuss technology concepts related to the business need.
Every part begins with a quick reference page. On the page is a “Summary” that describes the business need and how security fits into the picture. The page also highlights some “Key Points” made throughout the part’s introduction and shows how the part’s chapters interrelate (“Connecting the Chapters”). After the reference page, the introduction explores general security issues faced when servicing the business need.
Within the chapters, we’ve tried to organize things consistently. The following six sections can be found in almost every chapter, in this order:
Technology Overview: This covers the basics—what the technology or concept is all about and how it functions in a business environment.
How it Works: Without getting too technical, we try to describe the way in which the technology or concept works in practice.
Security Considerations: This is where we talk about the security problems caused by the technology or concept. In chapters that describe networking topics, we focus on security issues inherent in whatever’s being covered. In security topic chapters, we look at the limitations of the given security technology/concept and how they can be overcome.
Making the Connection: Here we tie concepts to other chapters in the book. In general, reading the connected chapters will improve your overall understanding of any particular security topic. In a few cases, making the connection is critical to completely understanding the chapter at hand.
Best Practices: We’ve collected some tips and suggestions based on our experience and the experience of others in the security field. These are techniques that can improve the effectiveness of a security technology or prevent failures.
Final Thoughts: This is where we summarize key issues or mention anything that didn’t fit in one of the other sections. If we’ve got nothing else to say, we might just blab for a few paragraphs to fill up space.