Information Books

This book is useful to anyone seriously interested in Lincoln, as useful as a dictionary is to a writer. I routinely consult it to refresh my memory of a date or to recall interactions among various Lincoln associates. Articles include a list of sources for deeper knowledge of topics. Lavishly illustrated. Superb.

This encyclopedia is full of articles on the people places and events in President Lincoln's personal and public life as well as articles on the most prominent students and specialists on the subject of Abraham Lincoln.

One can read about important figures such as Seward, Wells, and Douglas, and some of the real people who became a part of Lincoln lore such as Grace Bedell and the Clary Grove Boys.

For those of us who are fans of President Lincoln and interested in reading about him and his era, this is a special book. A past girlfriend purchased this for me and I am grateful she did.

Norman A. Schwartz

This book has details on just about every subject of Abraham Lincoln's life. It is well written and full of interesting photographs. I own several books on Lincoln, and consider this one to be one of the most useful.

This encyclopedia is an wonderful, and essential, reference for all students of Lincoln. Neely has compiled information on a wide variety of subjects related to Abraham Lincoln. Included are major issues such as slavery and temperance, organizations such as the political parties, and people important throughout Lincoln's life and career.

I have been using a Tablet PC for a while, but haven't made full use of it's capability. This book has helped unlock some good tools and tricks to make best use of the Tablet.

I found this book to be really helpful. It has some great information on how to use the Tablet PC with all sorts of software and hardware, making it more useful than I would have guessed.

If you have a Tablet PC, or are thinking of getting one, this is the book for you!

Not only does it talk about some of the basic softwarepackages available for the Tablet PC, it also deals with some esoteric packages, as well as lots of hardware add-ons to make your Tablet PC hum.

If you want to know how to use your Tablet PC to best effect, the section on Usage Scenarios is really helpful. In this section, Mathews shows about 20 different job roles (Attorney, Technician, CEO, Engineer, Consultant, etc.), how each person uses the Tablet PC, and what applications and hardware options they can best utilize.

Since Tablet PCs are all about portable computing, there are also chapters on using wireless networking, and some of the neat new tools such as Microsoft OneNote. Speech recognition and handwriting recognition is explained and tips are given to get the best results.

And if you want to play with your Tablet PC, this book even talks about games and graphics packages that make your Tablet PC more enjoyable in Coach class.

I've read all of the Tablet PC books, and this is the best!

I am in love with my tablet pc. I am a medical student, in clinical rotations, and just love this toy. I wanted to know more about it, and therefore ordered this book. It seemed to be the best book available for my purpose. I am very happy I bought the book.

This book has all the information a new Tablet PC user needs to make the Tablet PC a powerful personal computing device.

The book starts out with the basics, then throws in Usage Scenarios, which show how different people use Tablet PCs. Then the author goes on to explain how to use the various features of the Tablet PC to the max. Finally, the book finishes with Office 2003 and OneNote coverage, then a review of various software and hardware that complement Tablet PCs.

All in all, this is a well-written book that's complete in coverage and easy to read.

Highly recommended!

This one is the best book i've had so far because it's just as the title says. hands on training books are perfect for learning

As an educator who teaches Digital Imaging on the college level, I have become familiar with hundreds of training texts through the years. This book is excellent in that, unlike so many others, it starts at the beginning. I am not entirely sure why training books and digital courses so often pick up somewhere near the middle when we are all trying to encourage others to surrender to the digital age.

After completing 3 books on Adobe After Effects 7, I think I have a fairly good view of the types of instruction books that are available. "Classroom in a Book" by Adobe, this one by Fahs & Weinman, and "Creative After Effects 7" by Taylor.
My earlier rating of "Classroom in a Book" should probably have been at least 4 stars since it's the best of the 3 (for beginners) that I've read.
This one by Fahs & Weinman is straight forward and easy to follow, but isn't quite detailed enough in comparison to the "Classroom" book.
The book by Taylor mentioned above is so filled with typos that it's virtually unreadable and that's why I rated it poor and is definitely the worst of these 3.
After Effects is a very complicated video software effects program and has a steep learning curve on par with the still image processing program Photoshop. The more time you spend with it and the more instruction you can get, the better.

when you are done with this book, wade into the massive haphazard stew that is the Meyers books. Start with this one though, it starts at the beginning, tells you what you need to know when you need to know it, breaks it down just right. AE is a fairly vast program, and it's easy to become overwhelmed and discouraged, so getting the right book can be the difference between sticking with it or not.

This is truly a must have resource for the serious digital photographer! Mark's clear, well documented, and concise presentation of the subject matter will make studying this topic a breeze. The organization is such that a relative beginner can grasp the concept of digital work flow and the procedures used in Lightroom in a short time. The book contains many examples and situations common to the needs of most serious photographers, both professional and amateur.

Mark Fitzgerald has created a Lightroom book that truly distinguishes itself from the rest of the books on this popular subject. He has created a workflow guide that is succinct and easy to read and follows a path that makes intuitive sense while not getting bogged down in excessive detail.

The aspect of this book that really sets it apart is the coverage of the interactive nature that Adobe has built in between Lightroom and Photoshop. After reading this book, one should be confident in knowing how to address all image management issues, including when to use Lightroom and when to use Photoshop, as well as what to do in these programs when one gets there.

Although this book doesn't go in to great detail in a few technical subjects, it strikes a good balance between presenting what one needs to know with keeping the text readable. I would highly recommend it to intermediate amatures to seasoned professionals.

As a serious amateur photographer and Photoshop fan for several years, I loved this book! Mark gave me the tools to get my workflow under control. I have read around 30 books on Photoshop, Lightroom and Camera Raw and this one best explained how each of these terrific programs work together to bring order and fun back into my photography.
Mark is a particularly gifted teacher. He has a way of explaining things with just enough detail to thoroughly explain each concept without getting bogged down in unnecessary side trips.
I recommend this book for anyone who needs help putting their workflow all together so that it works seamlessly from the time the photos leave the camera until they are output!

I'm a professional portrait photographer. I work both in-studio as well as on-location and I have used Photoshop intensively for 6 years and Lightroom since beta. That said, I am always open to learning new methods that can shave time off my workflow - the less time I spend at the computer, the more dollars per hour I make. This book has helped me to learn more about the programs that I use all day every day.

Now, trying to cover ALL of Lightroom and Photoshop in one (albeit full-to-the-brim) book is an impossible task. One has to choose what to cover in depth, and what to leave out. Fitzgerald has done a fantastic job of covering the critical components of the actual workflow without getting bogged down in (for instance) the minutiae of how to do eye enhancement retouching so as to bring out liquidity and presence.

All of us need to `hammer through' thousands of images, sorting, color-balancing, retouching a bit, cropping, etc.,, etc., etc., ad infinitum! And, all of us need to do this faster and smarter without dropping our guard on the finest end result we can create (which is what our clients pay for!) Fitzgerald gives you just the right amount of information so you can get up and running RIGHT NOW and start using the programs.

This book is a huge help in that. Fitzgerald covers the entire process from importing images to Lightroom through final printing out of Photoshop. As a portrait artist who specializes in enhancement retouching I have spent hundreds of hours studying and using Photoshop and Fitzgerald teaches me new stuff on darn near every page. I also simply love Lightroom (especially 2.1!) and Fitzgerald gives so many great little tips along the way I wonder how the heck he could find time to learn it all and write the book when LR2.0 was still in beta!

Caveat: this in NOT an absolutely thorough coverage of every little thing in either of the programs (for instance, color management gets a few pages here and there whereas Bruce Fraser wrote a whole book on it!), but, that said, it sure as heck will give you the groundwork that you require for getting your workflow up and running and for understanding the programs enough to really get good work done. Actually, I am very surprised at how well Fitzgerald did considering the scope of this book.

I wish the index was more thorough, but I wish that for every book (oh! for an on-line concordance for books!) And I wish there were full-tilt keyboard shortcut charts for both programs (but those can be found on-line, I suppose). The layout is a bit dense to my eye, but there is so much to cram in, I guess if it were less dense the book would be a brick.

Lastly, I have to say that I usually find that book writers do a poor job of keeping a teaching-flow going while writing, they jump around, they try and be too `cool' and get all cutesy, or they dive down long, dark rabbit holes and lose the reader. Fitzgerald is one of the best in-print teachers I have come across, and I read many books per month.

All in all: if you want to improve your bottom line by improving your workflow, buy it!

"Advanced Sharepoint Services Solutions" is the second book by Scott Hiller, on Sharepoint Technologies. The first one was about building basic web parts. This book is for developers who have good knowledge of Sharepoint technologies. It is also assumed that you have already built some web parts and also have good understanding of .NET development. If you are looking for basic Sharepoint stuff, refer to his other book "Microsoft Sharepoint Building Office 2003 Solutions".

The Advanced book is not a complete reference on Sharepoint technologies. Instead it contains 8 chapters, which covers widely different areas. There are few chapters which are not covered by other Sharepoint books. This book is good source for CAML, Information Bridge Framework, Business Scorecard Accelerator, Sharepoint and BizTalk Integration, and for Sharepoint and Content Management Server Integration.
Since these topics are usually not covered in regular Sharepoint books, it becomes good source for these topics.

The book has good amount of source code (in C#) along with the text and provides some great ideas for system integrations. But as I said before it is not a complete reference book, just some great solutions for customizing and integrating Sharepoint technologies.

Well, so Hillier's first book on SharePoint wasn't enough for some readers! Apparently, he found demand for explanations of broader, more advanced usages, that he furnishes here in this book.

Perhaps the more important of these are discussed in the second half of the book. Microsoft has developed several other intricate applications, independently of SharePoint. But consider how it integrated the various parts of its Office suite, so that you can easily go from Excel to PowerPoint, say. In similar wise, Hillier explains how SharePoint is compatible with Information Bridge Framework, Business Score Cards Accelerator, BizTalk Server 2004 and the Content Management Service. Granted, none of these is as successful and widespread as something like Excel. These packages are far more specialised and their usages might often involve some programming effort. Thus too, using SharePoint with them also necessitates programming.

Ok, there are parts where you might pass an XML data file to an application, where this file tells it much of what you want it to do. And the XML approach is declarative, not procedural, so it minimises your programming effort. But typically, there are places where you still need the latter.

My impression of what Hillier describes is that Microsoft is not done with further refining of this integration. There are simply too many low level programming steps to be currently dealt with. No fault of Hillier's, naturally. He's calling it as it is. But let us hope that Microsoft continues improving these products.

Scot Hillier is the best SharePoint author - period.

For example: developers need to write web parts. Web parts are custom controls. Can't view a custom control at design/development time, right? Need to install it into SharePoint, run it, test. Right?

Wrong! Scott shows you how to design, develop, and debug at design-time. This little tidbit alone is worth the price of the book.

All of his books will help you become the best SharePoint developer out there.

Sharepoint is so confusing when you get into the backend and this book answered almost all of my questions. Best book I've found. You can tell the author spent a lot of time digging around in the guts of SP and was probably as frustrated as most of us are trying to figure out how to do the simplest of things. Small book, high price. WORTH IT.

When I first saw that this book was coming to light I had mixed feelings. On one hand, I was hunger for more testing knowledge, both theoretical and practical. On the other hand, I am always apprehensive when books talk about tools. However, the book impressed me as a comprehensive guide to Online Testing. And when I read the following (p.18), I was sure the book is what the market needs:

"The important thing to keep in mind is that the Google Website Optimizer is a tool. (...)It cannot do your thinking for you. It cannot plan your tests. It cannot produce the creative. It cannot interpret your results beyond demonstrating numerical significance and confidence. These things are up to you. If you want the tests you run on the Google Website Optimizer to be meaningful and to provide the intelligence you need to make well informed marketing decisions, then this is the book you need."

The authors cover very thoroughly the Why, the What, and the How of Online Testing. All you need to know from the value of testing to how should you get started. The examples are very enriching and illustrate the power of testing and the bottom line: Testing = $$$.

Part I covers the Why; the authors delve on the power of testing and provide some amazing examples of it (including a masterpiece on Amazon's testing efforts). In addition they walk us through the Google Website Optimizer and provide powerful tips on the tool.

Part II covers the What and the How; the chapters are structured in a very actionable way: "Questions to ask", "Exercises", "What to test", and "Apply this to your site". As you read you can implement the tips instantly. A few examples of what to test are: usability, look & feel, searchability, product presentation, up-sell/cross-sell......

Part III covers some technical aspects of testing. The authors provide interesting information about Google website Optimizer scripts, statistical tests, and other special issues.

*The book is well structured, insightful and action oriented: exactly as online marketing should be! I warmly recommend it.*

I like to pick up marketing and business-technical books as much as I can, and read them in the evening to get ideas for improving my small business. Usually I get books from my local public Library (sorry Amazon) but this book was not available there. I'm extremely glad that I bought the book, because it is going to be living on my desk for the next year, not collecting dust on a shelf now that I've read it.

I had heard of Google Website Optimizer before but I had been a bit daunted at the idea of "optimizing" my website. What am I supposed to optimize, and why? This book is really everything I need to get going. The reason that I want to keep this book around is that there is just too much information to work with in one sitting. Each time I am ready for a new test, I will turn to this book for some ideas of what to try, and what variations might be good to try. For each area there are dozens of URLs of articles that are relevant to that kind of test, and I will be visiting those URLs when I am ready for that test. (No point in visiting them yet, there is just so much information.)

This book, then, is not just a tutorial or a technical manual, but an entire *curriculum* of website testing.

But it's more than that. If I'm going to be attempting to improve some aspect of my website, it would be useful to have some useful hypotheses of what might be an improvement; making shots in the dark isn't likely to be as effective. The WIIFM chapter reiterated many of the concepts I had read about in other books (such as types of website visitors) but this is the only book I have seen to actually have some suggestions for how to actually address these visitor types on your landing pages.

So I have to think of this book as a great *marketing* book, not just a great book about Google Website Optimizer.

As someone who has spent some four decades in direct response advertising, I know the value of testing. Like all successful ad people and many successful marketers, I have read and re-read the classic, "Scientific Advertising" by the great Claude Hopkins. It's a classic --- even to this day. Of course, it's quite dated.

Fast forward to "Always Be Testing" by Bryan Eisenberg and John Quarto-vonTivadar with Lisa T. Davis. This book brings Hopkin's important work into the modern age and again puts testing to the forefront, where it belongs. And no one is better qualified to write the book than Eisenberg.

The authors explain Google Web site Optimizer in detail. They show how to use it and how to perform your Web site tests. They discuss the A/B test and the multivariable test. But they go beyond that. They tell you what to test and how to test.

Moreover, they go beyond Google Web site Optimizer and discuss other things to test. All of this information will help you to get far more conversions. With all we have at our fingertips, not testing is just inexcusable.

In my opinion, this book is a modern day classic and is as valuable to our time as Hopkin's book was to his. I hope all my clients read this book and absorb it. I hope they put it into practice.

I've had many experiences when I didn't like the copy I wrote and yet it worked exceedingly well when it went live or, if direct mail, was sent out. I've also had clients who didn't like the copy I wrote for them but I'd tell them to test it. When they did, it succeeded beyond their wildest dreams.

So testing is key to success in marketing. This book is a must-read if you intend to be successful in your online marketing. I highly recommend it to you.

- Susanna K. Hutcheson

Watch Video Here: http://www.amazon.com/review/R31GB8LIZ6HPKQ This book has everything you need to know, and more, about how to do a/b testing that actually works for you. Serious marketers and anyone else who does any type of selling online needs to have this book memorized. Imagine if you read this book and converted 1% better? What would that mean in profit to you for an inexpensive book?

The book was band new just like the seller said and arrived in a timely manner. I would buy from this seller again.

I used this book in my introductory level computer science course. I found this book to be an essential tool in my early undersanding of how computer works in general and more importantly how to develop working algorithms. This book is well designed and easy to read and easy to understand. This book comes with a CD ROM. I believe this is the key feature to this book. On the CD ROM there are emulators of various computer operations. (eg. Compiler tree breakdown, and many other emulators. An Excellent book!

Deckers gives you a concise tour of computer science. Not enough to turn you into a programmer, given the space limitations of the book. But he covers many key ideas in the field. Including Usenet, email, virtual communities [think Second Life], and the World Wide Web. Naturally, he has to explain HTML, as the graphical language of the Web. HTML is so simple that he essentially explains all its important points. Including the crucial hyperlink tag.

The book then segues naturally from HTML to XML. Where you can now write your own tags. Immensely flexible and popular.

It is only after this, that the book goes into the traditional topics of computer science. The explanations of what makes a programming language. He uses JavaScript as one example of such a language. So you learn about constructs like for loops, if-else and while statements.

The book is really dominated by the Web. The pedagogy stresses this.

This book is one of the two texts in FSU's COP 3502: "Introduction to Computer Science" course (a required course in their Computer Science degree). As the authors state in the preface, they "wanted to design a 'CS 0' course that was a true survey course." They did an excellent job. Basically, they start with the assumption that the reader has never turned on a computer in his life and take him through its history, how to use it, what programming is about, and how the hardware works. They even teach a bit of HTML and JavaScript. There's very little I can say that is bad about the book. It comes down to some typgraphical errors, an incorrect web address for the online portion of the book (easily figured out from the page their web address takes you to), and my belief that they took out too many steps in describing computer switches, gates, and circuits. Frankly, I'm amazed that they reasonably went from a neophyte level to a fully-grounded level in one book. I rate it as 5 stars out of 5.

I think it is a much needed and valuable item that every Internet connected animal lover should own. This book gives greaet Internet addresses. It has everything you need to spend many hours of fun and discovery on the Internet with other animal lovers!

The Animal Lover's Guide To The Internet includes nearly 600 Web site addresses and decriptions. In addition, Bonnie included several chapters in the book to help newcomers. The first time I attempted to get on the Net, I felt like I was lost in the twilight zone. Nothing made sense and the books I read on the subject just confused me more. This book is written in simple, easy to understand language and is focused on getting you up and running quickly and painlessly!

An excellent reference guide for animal lovers to the world of Internet in six easy steps to the site of general interest, health, chats, newsgroups and on-line publications about birds, cats, dogs, fish, rabbits, reptiles, horses and even dinosaurs.

First of all, the cover illustration by Bonnie Shields is adorable. Aptly depicted animals gathered around a computer monitor are a visual treat. Look for the cat that is curled around the monitor's base. He is shown rather true to form. The inside illustrations by Sharon Redfield are charming and show an eye for detail. This is a great gift for the animal lover in your family or circle of friends. More so if that animal lover is yourself. Happen to have one or more grandchildren or a niece or nephew with a computer? Animal lover or not, this book would constitute a wonderful study tool. As a comprehensive, yet easy to understand manual for everything from choosing the right computer, accessing the Internet, to fossil hunting, this book excels. The author's words are friendly, warm and serve as the wisdom of a knowledgeable friend. I feel this makes for a perfect package. Well organized, with more than 500 Internet addresses for you to explore, you will find the material broken down into easy to understand classifications. Have fun reading and exploring. I did!

If you are studying for NAPLEX, I would totally recommend you get this book and work through all the questions. I also took the review course given by the authors and it was EXCELLENT. Hall and Reiss are great teachers who organized and tied up all the loose ends that my pharmacy professors could not.

I highly recommend this book -- it is the bible for the NAPLEX. The book by Leon Shargel is difficult to read and in too much detail. This IS the book to get for NAPLEX. If you need more background information for NAPLEX, I would also recommend you get the Drug cards (in small gray binder), Drug Information Handbook and Pharmacotherapy Handbook (HANDBOOK ONLY NOT anything else) by Dipiro et al. If you can, take the review course with Hall and Reiss, the authors -- it is worth the money and not only will it help you with NAPLEX but also shed light on a lot of points that are missed in pharmacy school. They zero in on what is important to know. Hope this helps and good luck!!

This book is an excellant sourse for NAPLEX preparation.I have seen all the other books.Among all it is the standard one.Get familiar with the basics, and follow this book to get good score.

This book is an excellent way to prepare for the NAPLEX exam. It is comprehensive, well written, and worth every penny. I took a live review course presented by the authors in Chicago and it was also super. I learned more in that course than I learned in 5 years of pharmacy school.

I HAVE GONE THRU THIS BOOK & SOLVED ALL THE Q&A 'S ITS AN EXCELLENT BOOK WITH NAPLEX TYPE QUESTIONS & THE ANS ARE EXPLAINED REALLY GOOD . THE BEST PART IS THE STUDY DISK WHICH HAS PATIENT PROFILES WHICH HELPS TO PREPARE FOR NEW NAPLEX. IT IS ALSO A VERY GOOD GUIDE FOR FOREIGN STUDENTS PREPARING FOR FPGEE. IT HAS ALMOST ALL TOPICS COVERED & I WOULD STRONGLY RECCOMMEND THIS BOOK FOR ALL STUDENTS PREPARING FOR NAPLEX EXAM.

Our publisher sent me a copy of Raffael Marty's Applied Security Visualization. This book is absolutely worth getting if you're designing information visualizations. The first and third chapters are a great short intro into how to construct information visualization, and by themselves are probably worth the price of the book. They're useful far beyond security. The chapter I didn't like was the one on insiders, which I'll discuss in detail further in the review.

In the intro, the author accurately scopes the book to operational security visualization. The book is deeply applied: there's a tremendous number of graphs and the data which underlies them. Marty also lays out the challenge that most people know about either visualization or security, and sets out to introduce each to the other. In the New School of Information Security, Andrew and I talk about these sorts of dichotomies and the need to overcome them, and so I really liked how Marty called it out explicitly. One of the challenges of the book is that the first few chapters flip between their audiences. As long as readers understand that they're building foundations, it's not bad. For example, security folks can skim chapter 2, visualization people chapter 3.

Chapter 1, Visualization covers the whats and whys of visualization, and then delves into some of the theory underlying how to visualize. The only thing I'd change in chapter 1 is a more explicit mention of Tufte's small multiples idea. Chapter 2, Data Sources, lays out many of the types of data you might visualize. There's quite a bit of "run this command" and "this is what the output looks like," which will be more useful to visualization people than to security people. Chapter 3, Visually Representing Data covers the many types of graphs, their properties and when they're approprite. He goes from pie and bar charts to link graphs, maps and tree maps, and closes with a good section on choosing the right graph. I was a little surprised to see figure 3-12 be a little heavy on the data ink (a concept that Marty discusses in chapter 1) and I'm confused by the box for DNS traffic in figure 3-13. It seems that the median and average are both below the minimum size of the packets. These are really nits, it's a very good chapter. I wish more of the people who designed the interfaces I use regularly had read it. Chapter 4, From Data to Graphs covers exactly that: how to take data and get a graph from it. The chapter lays out six steps:

1. Define the problem
2. Assess Available Data (I'll come back to this)
3. Process Information
4. Visual Transformation
5. View Transformation
6. Interpret and Decide

There's also a list of tools for processing data, and some comparisons. Chapter 5, Visual Security Analysis covers reporting, historical analysis and real time analysis. He explains the difference, when you use each, and what tools to use for each. Chapter 6, Perimeter Threat covers visualization of traffic flows, firewalls, intrusion detection signature tuning, wireless, email and vulnerability data. Chapter 7, Compliance covers auditing, business process management, and risk management. Marty makes the assumption that you have a mature risk management process which produces numbers he can graph. I don't suppose that this book should go into a long digression on risk management, but I question the somewhat breezy assumption that you'll have numbers for risks.

I had two major problems with chapter 8, Insider Threat. The first is claims like "fewer than half (according to various studies) of various studies involve sophisticated technical means" (pg 387) and "Studies have found that a majority of subjects who stole information..." (pg 390) None of these studies are referenced or footnoted, and this in a book that footnotes a URL for sendmail. I believe those claims are wrong. Similarly, there's a bizarre assertion that insider threats are new (pg 373). I've been able to track down references to claims that 70% of security incidents come from insiders back to the early 1970s. My second problem is that having mis-characterized the problem, Marty presents a set of approaches which will send IT security scurrying around chasing chimeras such as "printing files with resume in the name." (This because a study claims that many insiders who commit information theft are looking for a new job. At least that study is cited.) I think the book would have been much stronger without this chapter, and suggest that you skip it or use it with a strongly questioning bias.

Chapter 9, Data Visualization Tools is a guided tour of file formats, free tools, open source libraries, and online and commercial tools. It's a great overview of the strengths and weaknesses of tools out there, and will save anyone a lot of time in finding a tool to meet various needs. The Live CD, Data Analysis and Visualization Linux can be booted on most any computer, and used to experiment with the tools described in chapter 9. I haven't played with it yet, and so can't review it.

I would have liked at least a nod to the value of comparative and baseline data from other organizations. I can see that that's a little philosophical for this book, but the reality is that security won't become a mature discipline until we share data. Some of the compliance and risk visualizations could be made much stronger by drawing on data from organizations like the Open Security Foundation's Data Loss DB or the Verizion Breaches Report.

Even in light of the criticism I've laid out, I learned a lot reading this book. I even wish that Marty had taken the time to look at non-operational concerns, like software development. I can see myself pulling this off the shelf again and again for chapters 3 and 4. This is a worthwhile book for anyone involved in Applied Security Visualization, and perhaps even anyone involved in other forms of technical visualization.

When security professionals are dealing with huge amounts of information, and who is not nowadays, correlation and filtering is not the easiest path (and sometimes enough) to discern what is going on. The in-depth analysis of security data and logs is a time consuming exercise, and security visualization (SecViz) extensively helps to focus on the relevant data and reduces the amount of work required to reach to the same conclusions. It is mandatory to add the tools and techniques associated to SecViz to your arsenal, as they are basically taking advantage of the capabilities we have as humans to visualize (and at the same time analyze) data. A clear example is the insider threat and related incidents, where tons of data sources are available.

The best sentence (unfortunately it is not an image ;) that describes SecViz comes from the author:
A picture is worth a thousand log entries.

This is a great book that joins two separate worlds, visualization and information security (infosec). The first chapter is an excellent introduction to the human perception system, its basic principles, and how we analyze, discern, and assimilate information. It is an eye opener for those new to the field. Chapter two is similar from an infosec perspective, and summarizes the main challenges and data sources, such as packet captures, traffic flows, and firewall, IDS/IPS, system, and application logs. The third chapter details different graph properties and chart types, including some open-source and online tools for chart and color selection. Although we (infosec pros) are familiarized with link graphs to represent relationships between botnet members or hosts, the book provides a whole set of charts for different purposes; one of the most useful types, and we are not very used too it in the security field, is treemaps. The chapter includes a really useful table to select the right graph based on the purpose of the analysis and the data available.

Then, the previous chapters are smoothly mixed together through a reference methodology that defines what is the problem to solve, and the process to manipulate the available data and generate a (or set of) graph(s) that allow gathering relevant conclusions and answers. The methodology is complemented with an introduction to the standard Unix-based text processing tools (grep, awk, Perl, etc). This methodology is later on applied, with a strong hands-on and how-to spirit, to an extensive set of common security use-cases, such as the perimeter threat, compliance, and the insider threat.

The perimeter chapter offers a deep insight into common attack scenarios, such as worms, DoS or anomaly detection, and operational tasks, like firewall log and ruleset analysis, IDS tuning, or vulnerability assessments. I could never forget how useful were SecViz techniques for anomaly detection on a huge DNS-related incident I was involved about 5 years ago. Thanks to the performance and statistical graphs we had available at that time, we were able to easily identify and solve a very complex and critical security incident.

When I saw this chapter included a wireless section I got really excited due to personal interest. However, I was disappointed as it was just a couple of pages. I think it could be extended to gather a whole set of useful information about complex wireless attacks and client and access points relationships, just by inspecting the different 802.11 management, control, and data frames, and even radio-frequency signals (from a spectrum analyzer). SecViz opens the door to a whole new wireless research area!

The compliance chapter offers a whole methodology to check and manage regulations, control frameworks, auditing, and risk monitoring and management from a visual perspective.

The same applies to the insider threat chapter, as it provides an impressive framework, not only visualization-based, to deal with malicious insiders. It is based on setting up scores for certain behaviors and activities (precursors), generating lists of suspicious candidates, and apply thresholds to accommodate exceptions. It also contains an extensive and directly applicable precursor list at the end to detect suspicious insider activities.

Finally, the book contains a whole chapter, full of references and comparison tables, of open-source and commercial visualization tools and libraries that allow the reader to select the appropriate tool for specific tasks and scenarios.

Although the book hands-on component is very significant, with lots of detailed examples of commands, scripts, and tool options to generate the different graphs, I would have liked to see a thorough usage of the how-to portions, as for some sections there are no specific details about how the graphs have been generated. The book layout makes it the perfect candidate to become a fully interactive technical book. I would suggest to add (for a 2nd edition ;)) practical sections to each chapter where the reader could reproduce all the steps discussed. The book CD is the perfect tool to provide the reader with all the (sanitized) data sets and logs used to generate the graphs, and even allow to include some challenges where the reader needs to analyze the data and answer some questions after generating the appropriate graphs.

To sum up, this book is a mandatory reference for anyone involved in the operational side of infosec, doing intrusion detection, incident handling, forensic analysis, etc, and it can be applied to both, historical analysis and real-time monitoring. Additionally, I found it useful too for auditing and pen-testing professionals, as it provides great tips to generate relevant and efficient graphs for the associated reports.

The accompanying DAVIX Live CD is an excellent resource to start applying the techniques covered throughout the book through open-source tools, SecViz is the Web portal to expand your knowledge on this topic, and AfterGlow is (one of) the most relevant SecViz open-source tools.

Applied Security Visualization (ASV) is a pioneering book in the emerging field of using visualization techniques to explore and represent data from a security perspective. Many security products - everything from intrusion detection systems, firewalls, SIM's, and AV software - offer methods for visualizing data they collect, but no single product has the ideal visualization interface (whatever that is). A main theme in ASV is to impart the reader with the knowledge and skills necessary to ask new questions about security data (such as a set of IDS event logs or application logs) and show the reader how to visually represent the answers to these questions. If a commercial interface has not been designed to visualize a data set in a particular way, ASV introduces tools and techniques to frequently make this possible. For example, common visualizations of firewall logs involve source and destination IP addresses and port numbers, but suppose that you want to create a link graph that involves source and destination IP addresses graphed against the TTL value in the IP header? The information in ASV makes this a snap.

At many points ASV deals with custom data parsing with invocations of clever one-line perl commands, and being a perl hacker myself, these examples are of particular interest.

The discussion in ASV is firmly grounded computer security, and many important security questions are raised along with motivating examples. For instance, a nice example is given for visualizing all outbound connections made from a laptop and differentiating these connections based on whether they are sent over the Tor network for strong anonymity. Additional examples include using visual techniques to detect outliers, combining multiple data sources, using visual aids to assist with regulatory compliance (by quickly conveying meaningful security data to auditors), and much more. One graphing type, invented by Ben Shneiderman, is the Treemap and several examples of its usage are presented. While Treemap graphs are perhaps not intuitively obvious, ASV makes a strong case for why they should be included within your visualization arsenal. A particularly good example is presented in Chapter 6 on using Treemap graphs to visualize vulnerability data provided by Nessus.

Although I'm not an expert in visualization, I have worked in the field of computer security for over ten years, and have written books on the subject (concentrating on intrusion detection systems and firewalls). I gave ASV five stars because it arms the reader with the knowledge required to produce custom visualizations that may not be addressed by any particular tool. This is much more powerful than presenting some specific software and associated (fixed) parser. Security is a process, and ASV provides a foundation for the effective inclusion of visualization techniques in the constant fight to secure computing systems and networks.

Marty explains how to analyse computer security logs using visualisation. The problem is that the logs can, and in fact usually do, become voluminous. You, the sysadmin, then have the uneviable task of manually plodding thru megabytes of text in a log file, looking for possible cracker probes or even actual successful intrusions. As Marty points out, if you can somehow display the data in a concise visual format, then you can take advantage of the high bandwidth of the human eye and the wetware pattern recognition that it is connected to in the brain.

So what display methods are there? Well, the text goes over principles known to graphics artists, but perhaps not as well bruited amongst sysadmins. Basically, you have a two dimensional area, like a computer screen, in which to show data. By judicious use of colour, shape and movement [and some other means] you can extend the effective dimensionality of the graph.

The book talks about various graphs. Describing the limitations of the simple pie, bar and line graphs. More versatile are the scatterplot and cluster graph. The latter lets you show a "graph", in another meaning of the latter word as a connected [perhaps via directed arcs] set of nodes.

The example data are drawn from typical internet logs, like those output by a packet sniffer or by a web or mail server. The logs look at different levels of the Internet Protocol stack. The web and mail server logs sit at the application layer.

Also useful is Marty's survey of open source and commercial plotting packages. The book's CD has a collection of the former. You should consider whether an existing package is suitable for your needs. Much quicker to adapt one, than to code a graphics program from scratch.