* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Cybersecurity Canon](https://www2.paloaltonetworks.com/blog/category/canon/)
* Cybersecurity Canon Candi...

# Cybersecurity Canon Candidate Book Review: Defensive Security Handbook -- Best Practices for Securing Infrastructure

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fcyber-canon-defensive-security-handbook%2F)  
[](https://twitter.com/share?text=Cybersecurity+Canon+Candidate+Book+Review%3A+Defensive+Security+Handbook+%E2%80%93+Best+Practices+for+Securing+Infrastructure&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fcyber-canon-defensive-security-handbook%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fcyber-canon-defensive-security-handbook%2F&title=Cybersecurity+Canon+Candidate+Book+Review%3A+Defensive+Security+Handbook+%E2%80%93+Best+Practices+for+Securing+Infrastructure&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2019/12/cyber-canon-defensive-security-handbook/&ts=markdown)  
\[\](mailto:?subject=Cybersecurity Canon Candidate Book Review: Defensive Security Handbook – Best Practices for Securing Infrastructure)  
Link copied  
By [Helen Patton](https://www.paloaltonetworks.com/blog/author/helen-patton/?ts=markdown "Posts by Helen Patton")  
Dec 30, 2019  
5 minutes  
[Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Cybersecurity Canon Review](https://www.paloaltonetworks.com/blog/tag/cybersecurity-canon-review/?ts=markdown)

**Cyber Canon Book Review: "Defensive Security Handbook -- Best Practices for Securing Infrastructure" (2017), by Lee Brotherston and Amanda Berlin**

**Book Reviewed by: Helen Patton, The Ohio State University CISO**

**Bottom Line:** *I recommend this book for the Cybersecurity Canon Hall of Fame.*

**Review:**

Lee Brotherston and Amanda Berlin wrote the "Defensive Security Handbook: Best Practices for Securing Infrastructure" to help newly appointed security practitioners and those in management roles. Their goal is to provide a common standard of terms and practices, which can be pragmatically and effectively applied to most organizations. This is not a book for long-time practitioners; it is designed to be a reference for those comparatively new to managing a security program. It is also not a deep engineering book; rather, it is a set of high-level standards and best practices across a wide variety of defensive security activities.

This book provides a broad overview of a number of defensive topics, without focusing too much on any one industry. The authors intentionally made this book for "as many environments as possible" (p. xiv), and as such, they do not give many industry-specific examples (with the exception of the section on industry-specific regulations). Their examples focus on the security professional and that person's tools and processes, without discussing the nuances of different industries. This makes the book appealing to a broad range of practitioners, from companies of different sizes and influence levels.

I appreciate that the authors take a top-down approach -- describing creating a security program and getting executive buy-in. They discuss the creation of policies, standards and procedures, with user education thrown in for good measure. Brotherston and Berlin recognize that creating a security program is, first of all, about aligning the program to business priorities, and they ensure readers are made aware of the benefits of getting financial and human resource support for the security program as a first step.

In each chapter, the authors include basic information on the topic, and also tips and suggestions, notes and words of caution. For example, in the physical security section, they note that "badges are fairly simple to spoof with time and effort. Recon can be completed by someone malicious to attempt to re-create a legitimate badge" (p. 77). Additional resources are referenced appropriately, which makes the reading interactive and thought-provoking. Because this is an overview of many topics, there is not a lot of depth to each discussion -- there is just enough to cover the basic concepts, identify common approaches and challenges, and reference additional resources for readers who want to go further. The layout is clean and the information easy to read and absorb.

It is not until later that the authors dive into technical topics such as operating systems, networking, endpoints, software development, logging and monitoring, and password management. They provide a lot of follow-on resources and an appropriate overview of the topics.

This book is a terrific resource for anyone tasked with starting a security program at his or her company. The authors acknowledge that many security professionals find themselves in a security role after being "voluntold" to do security, and that making the transition from purely IT operations to security leaves a person bewildered and overwhelmed. The authors also recognize that the first tendency of IT people is to find a tool or "pretty blinky LEDs" as a panacea for all security problems. The authors address this by stressing that many effective security strategies do not require a large tool investment, but instead a professional can leverage their organization's existing capabilities to quickly improve the company's risk profile.

They complete the "Defensive Security Handbook" with some "last mile" tips about email, DNS and security through obscurity, as well as a list of resources and links for further information. One drawback of this book is the lack of discussion about dealing with cloud security and hybrid infrastructure environments. Written in 2017, it may be a matter of timing that this vital topic is not addressed. I would look to future editions to correct this oversight.

Because this book targets new security practitioners, it's a solid resource for the target audience. Despite the accelerating changes in security philosophies and technologies, this book will be a mainstay for security defenders for years to come. As a desk reference and a sense check, this book should be in all security managers' libraries. For this reason, I nominate this book for the Cyber Canon.

*We modeled the* [*Cybersecurity Canon*](https://cybercanon.paloaltonetworks.com/)*after the Baseball or Rock \& Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.*

*The Cybersecurity Canon is a real thing for our community. We have designed it so that you can* [*directly participate in the process*](https://cybercanon.paloaltonetworks.com/nominate-a-book/)*. Please do so!*

*** ** * ** ***

## Related Blogs

### [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Book Review: "Black Box Thinking"](https://www2.paloaltonetworks.com/blog/2020/04/cyber-canon-black-box-thinking/)

### [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Book Review: "The Cyber Conundrum"](https://www2.paloaltonetworks.com/blog/2020/04/cyber-canon-cyber-conundrum/)

### [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Book Review: "Design for How People Think"](https://www2.paloaltonetworks.com/blog/2020/04/cyber-canon-design-for-how-people-think/)

### [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Book Review: "InSecurity"](https://www2.paloaltonetworks.com/blog/2020/03/cyber-canon-insecurity/)

### [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Book Review: How America Lost Its Secrets](https://www2.paloaltonetworks.com/blog/2020/03/book-review-how-america-lost-its-secrets/)

### [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Book Review: "The Perfect Weapon"](https://www2.paloaltonetworks.com/blog/2020/03/cyber-canon-the-perfect-weapon/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language