Security in Computing (5th Edition) Book Review
|This book is a beast!!! It is 100 % textbook, with a lot of exercises at the end of the chapters. If your class uses this book, get ready for a fire hose of information. It covers a ton of topics and covers them in depth.|
Although it is a text book the authors do there best to keep it interesting. I really enjoyed the sidebars that include true stories of security breaches. I really like the ones that find out what the criminal was thinking. Some of the reasons for doing what they do are nuts.
One of the biggest problems with security I see today is the security teams oftentimes don't know what to secure, or how to secure stuff when they do. This book starts out with a really nice introduction to what computer security is. The author discusses Values of Assets, the Vulnerability–Threat–Control Paradigm, Confidentiality, Integrity, Availability, Types of Threats, Types of Attackers, Risk and Common Sense, Method–Opportunity–Motive, Vulnerabilities, and Controls. By the time you are done this chapter you have a high level few of today's security issues.
2. Toolbox: Authentication, Access Control, and Cryptography
3. Programs and Programming
4. The Web—User Side
5. Operating Systems
8. Cloud Computing
10. Management and Incidents
11. Legal Issues and Ethics
12. Details of Cryptography
13. Emerging Topics
I was glad to see information on regulations, compliance, and laws. They can wreak havoc on an organization's productivity when left to an unqualified security team. I usually find that IT organizations that have locked down everything from the Internet to your USBs, have no concept of how to implement security in a managed and efficient way.
Years ago I was the lead research and development on a contract with the state. They allowed no internet except for 2 PCs that all 250 people on the project had to use. 90% of the time they were tied up with people checking their personal email. That was the days before smart phones. I would have to go home, research stuff, download it and burn it to CD, and take it in to work. I understand the thoughts behind natural immunity, but separating yourself from the world you are trying to successfully build software for, leads to software that doesn't meet the needs of that world.
More recently I was tasked with building a mobile application. The company had a guest wireless connection in place, but it was so locked down we couldn't use it. We needed to get data plans for the phones to test the applications. They also had emails with attachments reviewed by help desk personnel that would then release them. They basically are operating like the state project I mentioned above. Yet every security audit is failed.
This book does a great job of covering all the security topics you need to know about to work successfully in a decent size enterprise. The detail and depth of each topic amazed me.
A highlight of this book is that after the detailed introduction at the beginning of the book, each chapter contains topics you can read in isolation, while at the same time they are logically tied together.
Another highlight is that the book contains both timeless information and current information doing a really good job of tying the history of a topic to the current state of a topic. For example, the chapter on Cloud computing contains basic information on SaaS, PaaS, and IaaS, as well as sidebars on current research happening today that isn't quite ready for release to the world.
Over all I highly recommend this book not only students that need it for a course, but to everyone that has any interest in learning more about the world of security. For the amount of information and the clarity of its delivery, this book is absolutely worth the price.
Security in Computing (5th Edition)
Security in Computing (5th Edition)