Book Review: "Defensive Security Handbook"

"Defensive Security Handbook: Best Practices for Securing Infrastructure", by Lee Brotherston and Amanda Berlin, is a book about creating a security program for an organization. It condenses the basics of an information security program and gives you tidbits of theory about those programs and the tools that support them. The book is a mile wide and an inch deep: it shows you a wide array of basic practices but isn't authoritative on any single subject, so you will definitely have to pick up further reading for any real implementation details. I purchased the book from Amazon for $22; it runs 284 pages. Despite that page count, the topics are covered very briefly and the entire book reads quickly, as most of the material is high-level theory. I give the book 5 out of 10 stars and recommend it mainly to newer CSOs and CISOs, the lone security person at an organization, or security enthusiasts in general.

For casual reading, the book offers sensible advice, laying out some of the core security policies you would need for any security posture. Each chapter is structured as a set of bold concepts or pictures, each followed by about a paragraph (sometimes a little more) attempting to summarize the concept. Chapters are roughly 7-10 pages and generally read fast, which again lends the book to casual reading. Because of that, I'm just going to list the chapters below, but there is a very detailed table of contents here, which gives excellent coverage of what the book entails.

Chapter 1: Creating a Security Program
Chapter 2: Asset Management and Documentation
Chapter 3: Policies
Chapter 4: Standards and Procedures
Chapter 5: User Education
Chapter 6: Incident Response
Chapter 7: Disaster Recovery
Chapter 8: Industry Compliance Standards and Frameworks
Chapter 9: Physical Security
Chapter 10: Microsoft Windows Infrastructure
Chapter 11: Unix Application Servers
Chapter 12: Endpoints
Chapter 13: Password Management and Multifactor Authentication
Chapter 14: Network Infrastructure
Chapter 15: Segmentation
Chapter 16: Vulnerability Management
Chapter 17: Development
Chapter 18: Purple Teaming
Chapter 19: IDS and IPS
Chapter 20: Logging and Monitoring
Chapter 21: The Extra Mile

This book is designed as an overview of the basic security theory, programs, and infrastructure to put in place if you are the sole security person at your organization. I am happy that the book covers many critical topics, but I felt it did not do justice to many of them. I don't like how the chapter titled "Logging and Monitoring" feels bolted on at the end; log pipelines are critical to most aspects of modern incident response, since they are the backbone of any endpoint and network visibility. The book also lacks technical detail, as it mostly focuses on the theory around these programs or the very basics of implementing some tools, so I wouldn't recommend it to a seasoned information security professional; for them it will be mostly high-level review. Finally, I found it strange that it had such high reviews in other places; however, this is the review that I resonate most with. All that said, the book is apt if you've been tasked with securing an entire organization and have relatively little prior knowledge of information security.