REVIEW: "Spies Among Us", Ira Winkler

From: Rob Slade, doting grandpa of Ryan and Trevor (
Date: 06/22/05

  • Next message: "Re: Freeware Anti Virus software??"
    Date: Wed, 22 Jun 2005 15:16:21 GMT

    BKSPAMUS.RVW 20050531

    "Spies Among Us", Ira Winkler, 2005, 0-7645-8468-5,
    %A Ira Winkler
    %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
    %D 2005
    %G 0-7645-8468-5
    %I John Wiley & Sons, Inc.
    %O U$27.50/C$38.99/UK#16.99 416-236-4433 fax: 416-236-4448
    %O Audience n+ Tech 1 Writing 3 (see revfaq.htm for explanation)
    %P 326 p.
    %T "Spies Among Us"

    In the introduction, Winkler admits that the title is slightly
    misleading: most surveillance is not done by international spies, but
    by common or garden thieves, competitors, and so forth. The point
    that he is trying to make is that non-terrorists can hurt you,
    although he raises the issue with illustrations that are not
    completely clear.

    Part one deals with espionage concepts. Chapter one reviews spying
    terminology, but makes points about the process by explaining the
    jargon and distinctions. Risk analysis is introduced in chapter two,
    but the calculations used may not be clear to all readers. An attempt
    to assess the value of information is made in chapter three. Chapter
    four outlines threats (entities that might harm you) and five covers
    vulnerabilities--the way your own operations can make you subject to

    Part two describes some case studies of spying. The content is
    interesting, although the value is rather concentrated in the short
    "vulnerabilities exploited" section at the end of each chapter. I
    must say that I've read all manner of similar stories and case studies
    in various security books, and Winkler's are more interesting than

    Part three deals with protection. Chapter twelve lists a number of
    countermeasures. These are described in a level of detail that is
    appropriate for non-specialists (in security), although the content
    related to technical safety might be a bit thin. How to plan and
    implement an overall security program is outlined in chapter thirteen,
    which includes a very interesting section on how the Department of
    Homeland Security has taught us valuable lessons about how *not* to
    execute safeguards.

    While not structured in a formal manner that would make for easier
    reference, this book nonetheless has some excellent content. Like
    Schneier's "Beyond Fear" (cf. BKBYNDFR.RVW), it is easy enough, and
    engaging enough, for those outside of the security profession to read.
    Busy managers may find the work a bit wordy and disorganized, but it
    makes useful points, and has constructive suggestions. Home users and
    amateurs will find the style most suited to them, although the
    recommended controls are aimed at businesses. Security professionals
    will not (or should not) find anything new here, but may appreciate
    the "war stories" and explanations that can be employed in security
    awareness training.

    copyright Robert M. Slade, 2005 BKSPAMUS.RVW 20050531

    ============= for back issues:
    [Base URL] site
          or mirror
    CISSP refs:     [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Book reviews:   [Base URL]mnbk.htm
    Review mailing list: send mail to

  • Next message: "Re: Freeware Anti Virus software??"

    Relevant Pages