Tangled Web, by author and information security expert Richard Power, is an unbeatable combination of entertaining reading and solid authoritative advice. Employing his highly visible position as editorial director at the Computer Security Institute, Power brings some top names in information security to his writing. The credibility this offers to his readers is beyond measure. People such as Gene Spafford, Dorothy Denning, Sarah Gordon, Rik Farrow and Marcus Ranum, just to name a few of the security luminaries he includes, cannot help but make this work an absolutely definitive offering.

At its core, Tangled Web is a series of stories about some of the most notorious of cybercrimes. Power has stayed away from the hackneyed cases that have been written about ad nauseum, imparting examples that are as fresh as the current evening news. These are offered in the factual, detailed style of an objective reporter.

Interspersed with the reports are interviews and roundtable discussions on the underlying issues of the stories and what security practitioners can do to avoid the consequences revealed in the illustrations. Participants in these interviews include experts already mentioned, plus many more whose names are household words in our business. These discussion sections are presented in separately identified areas, as well as woven into the fabric of the stories.
Unlike many ‘true cybercrime’ writers of today, Power does not go for the hype or take a position. He is scrupulously neutral in his descriptions of the exploits of Datastream Cowboy, the Solar Sunrise case and Analyzer, the Phonemasters, the LoveBug and many others. There is no attempt to glamorize cybercriminals or condemn them.
Power’s style is readable, often lighthearted, neither trivial nor ‘preachy’, and moves rapidly. The work gains much authenticity and credibility from Power’s exhaustive reference to actual court transcripts. Possibly one of the most comprehensively researched books in this genre that I’ve seen to date, the book offers many examples of actual wiretap transcripts – something I know law enforcement typically does not make public.

Generally speaking, if you are in the information security business, you need and will thoroughly enjoy this book. You can read it for the fun of it and give it as a gift to anyone in your organization that needs a dose of reality about infosecurity. They’ll enjoy the book so much that they won’t even realize they’re learning some important lessons. Without reservation, the book gets five stars out of five.
   

SC On-Line
SC Magazine
www.scmagazine.com