Product: Book - Paperback
Publisher: Peachpit Press
Authors: Tom Negrino, Dori Smith
I first found this book great because of the examples, until a friend told me my examples didn't work.
Product: Book - Paperback
Title: Information Security Risk Analysis
Publisher: Auerbach Publications
Authors: Thomas R. Peltier
This is an excellent introduction to risk analysis in general and a highly effective guide for conducting a security risk analysis.
Of the 281 pages in this book, 156 pages are devoted to the seven chapters comprising the "how to" and case study, with the remaining pages allocated to six highly valuable appendices.
Chapter 1, Effective Risk Analysis, starts the book by discussing risk analysis in general, including common approaches, and leads into the author's approach. The next chapter covers qualitative risk analysis, followed by a chapter on value analysis. By this point it's clear that the author's philosophy is to capture major risks and cost data and to develop impact without getting bogged down in complex methods. I liked chapter 4, which discusses other qualitative methods and their strengths and weaknesses, and adds context to the heart of this book: Chapter 5, Facilitated Risk Analysis Process. In a nutshell, this approach involves all stakeholders and spreads the responsibility and accountability for identifying, analyzing and prioritizing risks. This is as it should be, because security should be everyone's job, and the stakeholders (led by subject matter experts) are the best source of authority for making trade-offs and allocating resources to ensure the degree of security that consensus dictates. Since security is, in part, a function of trade-offs, the Facilitated Risk Analysis Process proposed by the author is an effective and essential process supporting security. Chapter 6 covers other uses of qualitative risk analysis, and is thought-provoking and informative. The case study in chapter 7 ties together the preceding chapters and concludes the text on risk analysis.
The appendices are, in my opinion, invaluable. Like a previous reviewer I lament the fact that the tables and forms were not included in electronic format, but this is a minor quibble on my part. Appendix A is a comprehensive, 25-page questionnaire that covers every facet of security risks. Appendix B contains a reproduction of every form associated with the Facilitated Risk Analysis Process (Scope/Business Process Identification, Action Plan, Final Report, Controls List, Risk List and Controls/Risk Cross-Reference List). Business Impact Analysis forms are provided in Appendix C, and a sample report is provided in Appendix D. Threat definitions are provided in Appendix E, and three short papers authored by other experts giving other opinions of risk analysis are the subject of Appendix F.
Overall this is a highly focused book that should not be ignored by anyone who is responsible for security, business continuity or disaster recovery planning. Even if you are more apt to use quantitative methods instead of the qualitative methods proposed by the author, this book is still an important work on security risk analysis. The appendices alone are worth the price of the book.
Product: Book - Paperback
Title: Professional JSP 2nd Edition
Publisher: Wrox Press
Authors: Simon Brown, Robert Burdick, Jayson Falkner, Ben Galbraith, Rod Johnson, Larry Kim, Casey Kochmer, Thor Kristmundsson, Sing Li
Wrox Press continues their time-honored tradition of piling as many authors as they can into one 1200-page volume in the hope that they will end up with a definitive treatment of the subject. The authors range from seasoned professionals with real-world experience to people with nothing but a year or two of college computer science courses behind them. I must confess that I am not sure what I was expecting in these chapters, but since JSP Tag Libraries seemed to be one of the more challenging and interesting areas of JSPs, I was hoping for some more meaningful, 'meaty' content.
The assembly of these 18 (yes, 18!) authors winds up generating a book that essentially could have been put together with more precision and continuity if it had had 15 fewer authors. It very much comes off as a rushed effort, without any tightness whatsoever. The writing style of this second edition can only be described as amateurish. This, fortunately, can be a little easier to swallow if you accept the spirit of the book (in Wrox's words, 'Programmer to Programmer'). Take the text as quickly put-together material from programmers that have been through it (even if it was brief or only in school) and you should be fine.
Many unnecessary forward references exist throughout the text and, because of the unusually large number of authors, there is a large amount of repetition in the body of most chapters. The book's page count could also have been greatly reduced had the authors not consistently given condensed introductions to material that ends up being the subject matter of entire chapters later in the book. For example, two early chapters describe the basics of Tag Libraries, only to have them surface as the primary topic of chapters 8-11.
The code included throughout the book is variable in quality, as you might expect. The book doesn't pretend to be an academic tome of best practices or a showcase for some top-flight, brilliant programming, but you end up thinking that many of the examples could have been made much more effective with more thought put into them. As with many other programming books out there, this one is definitely not without its errors. You'd hope, however, that with the 21 technical reviewers and 3 editors that worked on this book, it would have fared better than most.
In summary, if you take the text for what it is and skip over the segments of fluff and numerous poor code examples I think that most professional programmers new to this technology will find enough material to make the hefty price tag almost worth it (especially if you share it with others on your team!).
Product: Book - Hardcover
Title: MCAD/MCSD Self-Paced Training Kit: Developing Windows-Based Applications with Microsoft Visual Basic.NET and Microsoft Visual C#.NET, Second Edition
Publisher: Microsoft Press
Authors: Microsoft Corporation, Matthew A. Stoecker
This book only lightly touches on each exam requirement; there is very little depth. It is especially weak in the topics of ADO.NET, security, and testing/debugging. To prepare for the exam, I rolled my eyes, muttered "get it together, Microsoft" under my breath, and just used this book as an outline.
The bulk of my training came from the MSDN documentation, "ADO.NET Core Reference" (ISBN 0-7356-1423-7) by David Sceppa, and "Programming Visual Basic .NET" (ISBN 0-7356-1375-3) by Francesco Balena.
Also, for practice exams, try www.BrainBench.com. They sometimes have promotions for free exams, and the questions are MUCH harder than the actual Microsoft exams (although the objectives are not the same).