Ben's Book of the Month: Review of "From CIA to APT: An Introduction to Cyber Security"

Posted on by Ben Rothke

It’s unclear if Albert Einstein really said that if “you do not really understand something unless you can explain it to your grandmother”. Explaining information security is often a challenge. Many try to explain it to the uninitiated, and often don’t do that great of a job.

For those looking for a technical introductory text, by authors who could explain it to your grandmother, consider From CIA to APT: An Introduction to Cyber Security (ISBN 978-1522074946) by Edward Amoroso and Matthew Amoroso.

At 100 pages, the book provides a solid introduction to the topics for those with a basic technical background. As the former Chief Security Officer of AT&T, Edward Amoroso, knows a thing or two about presenting to executive boards. Which is in many ways, like explaining it to your grandmother.

The book makes extensive use of illustrations and network diagrams and provides a solid introduction to the core concepts of information security.  

With a few historical narratives about significant personalities in the information security space, this is a relatively quick read. Topics such as DDoS, defense in depth, rootkits, advanced persistent threats, and much more.

As a self-published book, it could have used a better editor, and all of the quotes in the book somehow got mispaginated. It also lacks a table of contents and index, which makes looking for topics a bit of a challenge. Aside from these things, this is a solid introduction to the topic.

For those looking for an express guide to the topic, From CIA to APT is a worthwhile introduction to get started on the topic. 

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community