5 comments about Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks.

1. I really enjoyed reading this book. It provides a comprehensive framework for understanding insider threats and Risk management.
   
   The author integrates a lot of components like Risk Assessment, Threat Modeling, Privacy assessment, Cyber security, Application security, Web services and Computer architecture as it relates to insider threat identification and prevention. If you deal with any of these components - you must read this book. You will learn so much - all in one place.
   
   This book is logically arranged; the author does an excellent job building from one topic to another. It is an eye-opening and fascinating book as it presents the methods, safeguards, and techniques that help protect an organization from insider computer fraud.
   
   I really liked Chapter 3 which covered Risk Assessment very well. It walks the reader with a step by step risk assessment methodology, which is very critical in any environment.
   
   As a IT Security professional this book has become an invaluable resource for me.
   
   Bottom line: Must read and well worth the price.



2. 
   "Insider Computer Fraud" is a thorough and and extremely well done coverage of a complex topic which has important implications for people and the companies they work in. We often focus on external threats but as recent event show insider threat is as critical and can impact whole industries over night. Brancik's coverage of Novelty Neural Networks and their use to detecting insider fraud is an important contribution. Anyone in the financial services industry that has a role in protecting against computer fraud should read this book.



3. Ken Brancik has written a tour de force compendium about insider computer fraud. His years of practical experience shine through in this very practical book for anybody who needs to act in the defense of real systems. Brancik's own experience is combined with exhaustive references to case studies, legislation, and research.
   
   The reader will enjoy a thorough presentation of the domain theory, combined with very detailed explanation of technical methods. For example, Brancik provides a rich taxonomy, which will be of huge value to any practitioner looking to divide and conquer such problems. Moreover, this taxonomy is only one of the elements in "an in-depth framework for detecting and defending against insider IT attacks". The book's content is true to the claim of its title.
   
   Beyond what can be done and needs to be done as the first steps to thwart such attacks, Brancik also points the way to the future. Statistical models of anomaly, for example, have had a small place in computer security when compared to rule-based pattern detectors. Both approaches are needed, and this book describes neural networks -- associative memories in particular -- as a way toward more powerful hybrid systems of the future.
   
   "Insider Computer Fraud" would make a great textbook for the student, an invaluable cookbook for the practitioner, and a provocative guide to the researcher. It is also a must-have reference for anybody in the field of computer fraud more generally.



4. Brancik covers computer fraud from every angle imaginable. It's precise, thorough and methodical. The index is detailed and specific in getting the exact information you need quickly. This book can be used as a reference for looking to tighten security and also as a textbook in the classroom. I specifically liked Chapter 6 that covered web services, which is the most widely missed security flaw in companies today.
   
   Brancik put together a fraud taxonomy that also can be used by professionals to measure how secure they are. This goes beyond most classroom lectures because this is the kind of information you need in real life work scenarios. What I liked mostly about this book was that the chapters flow into one another and while it covered a wide range of topics it did not feel like I was reading just another computer textbook. The book covers security and audit like no other book on the market and I have read most of them being in the banking sector for a number of years. I recommend this book highly.



5. Just started and finished (3 days in a row :)) this excellent book on insider fraud - it is one of my best buying decisions.
   
   I was impressed with the framework and found the loan example very clear. Altough the issue of insider fraud is considered a high risk there are not many good academic resources to help so not only the book is enjoyable to read it is very usefull to technical and business people interested in the subject.
   
   Very good work

No comments about Computer Crime Law, 2d (American Casebook).

4 comments about Investigating Computer Crime.

1. Well illustrated but contains very basic information. Good for field officers that may seize a computer but any information beyond basic seizure techniques is lacking. Not a book for an experienced computer investigator



2. This book was published in 1996, however, the information seems like it comes from 1986. It is full of stereotypes and hacker rumors that any REAL hacker would laugh at. It might be good if you want the info on search warrants, but computer hardware and software has changed so much that most of this book is irrelevant today.



3. A fair basic book for an overview of general computer forensic methods for the uninitiated. Not a book for the experienced computer forensic examiner. Content is very outdated.



4. Before basic there is " Investiagting Computer Crime". If you have an knowledge of investigations or computers, this book is not for you. Other than a brief section in outdated programs the book offers no assistance....sorry. Not even a maybe book for investigators.

No comments about Meet Me At Midnight (Harlequin Intrigue Series).

No comments about Computer Crime.

No comments about 21st Century Guide to the U.S. Attorneys ¿ Executive Office for U.S. Attorneys under U.S. Attorney General John Ashcroft ¿ Opinions, Policy Statements, Staff Manuals, U.S. Attorneys¿ Manual, Bulletins on Civil Issues, Terrorism, Fraud, Internet Fraud, Cybercrime, Computer Crime, Criminal Resource Manuals, Report on Los Alamos (Core Federal Information Series).

No comments about Angela's Top-Secret Computer Club.

5 comments about The New Forensics: Investigating Corporate Fraud and the Theft of Intellectual Property.

1. Security literature is filled with titles on procedures, processes, and details of performing forensic investigations. Despite its title, this book is not another one. Equal parts autobiography, mystery, biography, and action thriller, the book is an overview of the cases and characters with which the author, a forensic investigator at Deloitte and Touche, has been involved.
   
   In chapter after chapter, the reader receives a high-level view of the tools and technologies used in forensic investigations, then learns the inner workings of specific corporate frauds. These cases range from garden-variety frauds to cybercrime.
   
   One fascinating chapter explores the disposition of a bank account dormant since the Holocaust and how forensic investigators cracked the case 60 years after the fact. It describes how a large group of investigators went to Switzerland to determine the beneficiaries of dormant World War II-era Swiss bank accounts. The chapter details methodology used to retrieve documents and to discover what was hidden and who was entitled to it.
   
   Geared for management-level readers without much technical background, the book spares the reader byte-by-byte details on forensic evidence gathering and handling. Story after story gives readers a very accessible account of how investigators detected fraud, misuse, and a wide range of other corporate criminality. With its real-life drama, the book is both an enjoyable and instructive read.



2. boring and not in depth. if you are looking for an adventure, this is not the book for you.



3. This book was recommended to me by a coworker when I was working at one of the big four in the area of data mining. I was at first skeptical of the depth of its IT specifics but quickly realized that between the gripping lines of adventure the author skillfully embedded vital knowledge that's critical for anyone who wants to get the insight of corporate systems, IT infrastructures, and how they work together. In the format for a novel, the author took me on an exciting and informative ride in the world of corporate forensic investigation.



4. This book is fascinating. The style of writing allows you to go inside the minds of corporate fraud offenders. In order to do the crime it fosters accomplices along the way. The amazing thread is that the criminals have their scheme planned out but they forget one critical element, there's always someone that can find the trail that's left behind. Computer fingerprints. I thought that the book was eloquently written and I walked away with a clear understanding of corporate criminal fraud and what criminals will do for greed.



5. there's some interesting stuff in here, particularly in the area of computer forensics. but the book jumps all over the place. it starts with an good story of a real forensic raid (i beleive just the names were changed to protect the innocent), but abruptly switches to entirely unrelated situations. it eventually drops the storyline altogether, leaving you wondering how it ended and what the aftermath was.

No comments about Crime and Deviance in Cyberspace (International Library of Criminology, Criminal Justice and Penology- Second Series).

5 comments about At Large: the Strange Case of the World's Biggest Internet Invasion.

1. After reading Cliff Stolls book, The Cuckoo's egg, i was up for another great book about hacking. This wasnt it. It was somewhat melodramatic at times, throwing in adjectives to make things sound interesting, but being written from an outsiders perspective it couldnt convey the feeling required to get you into the book. I also disliked the constant jumping between characters plots, sometimes every other page. The capper was when it said "anyone who has worked with DOS has a rough idea of what Unix is like". NOT! This is good for the armchair non-computer person.



2. This book is the worst piece of crap I have ever read. Same old sob story about the feds, etc. not taking computer crime seriously and being slow to get moving...blah, blah, blah....They figure out who the hacker is halfway through the book...so...no tension, no suspense, nothing....
   Save your money...come over to my house and steal my copy. I wont miss it one bit.

   The only shame is that I have to give it 1 star rather than NOTHING.....SAVE YOUR MONEY!!!!!




3. I am always up for true computer crime stories so I purchased it even though other customers dumped all over it. The book was very accurate (minus two inaccuracies in terminology) and easy to read. It did lack suspense but then again I read it for the historical perspective and not so much as a "who done it". Overall it was a fun read. Not as good as the The Cuckoo's egg but still worth reading.



4. This book chronicles the exploits of a young computer enthusiast who managed to break into an alarming number of computers, mainly by sheer perseverance. The book is also the story of the people who hunted this early cybercriminal and how he was ultimately caught.
   
   One of the remarkable aspects of the story is that the chief antagonist (the "hacker") was not particularly skilled. He was what's called a "script kiddie" in the biz. Another remarkable aspect of the book is that after breaking into dozens of computers, and finally getting caught after dozens of people had invested hundreds of hours tracking him, he was basically let off the hook with very little punishment.
   
   I found this to be a fascinating account of an extraordinary series of events. I recommend this book especially for those who are interested in the field of information security as it provides a glimpse of the motivations and methodology of one notorious cracker. For people who are interested in crimes or security, this will be a riveting story.
   
   All that said, this is only one side of the story and I wondered how accurate the reporting was. In particular, I wished that there was more on the motivation and thinking of the main antagonist, the super-cracker-slash-script-kiddie pseudo-named Matt Singer. In the book, he is characterized basically as a bad guy. There has been more written about this story and apparently the script kiddie's real name is Tim Bach. You can find his posts in the freebsd.org mailing list archives from 1995 and other on-line traces. These "real-world" glimpses do not seem, IMHO, to jive completely with the character in this putatively non-fiction book.
   
   In the same vein, Trent Fisher (no pseudonym for him in the book) has a website and doesn't seem too happy in how he was characterized.
   
   And, finally, the events are ancient history. In many ways, information security has taken strides since these events unfolded. Law enforcement and especially forensics are more advanced. And in important ways, modern worms represent the evolution of this breed of attacker.
   
   But it's still a fascinating and, I think, important story.



5. I really enjoyed reading this book. If you're into computers and networks or simply like a chase, you'll definitely want to read this one. It has some strange twists and an even stranger ending.