Elementary Information Security [Paperback]

Richard E. Smith (Author)

Book Description

Publication Date: November 18, 2011 | ISBN-10: 1449648207 | ISBN-13: 978-1449648206 | Edition: 1e

Comprehensive and accessible, Elementary Information Security covers the entire range of topics required for US government courseware certification NSTISSI 4013 and urges students to analyze a variety of security problems while gaining experience with basic tools of the trade. Written for the one-term undergraduate course, the text emphasizes both the technical and non-technical aspects of information security and uses practical examples and real-world assessment tools. Early chapters in the text discuss individual computers and small LANS, while later chapters deal with distributed site security and the Internet. Cryptographic topics follow the same progression, starting on a single computer and evolving to Internet-level connectivity. Mathematical concepts throughout the text are defined and tutorials with mathematical tools are provided to ensure students grasp the information at hand. Rather than emphasizing memorization, this text challenges students to learn how to analyze a variety of security problems and gain experience with the basic tools of this growing trade.

Product Details

• Paperback: 800 pages
• Publisher: Jones & Bartlett Learning; 1e edition (November 18, 2011)
• Language: English
• ISBN-10: 1449648207
• ISBN-13: 978-1449648206
• Product Dimensions: 7.3 x 2 x 9.1 inches
• Shipping Weight: 3.2 pounds (View shipping rates and policies)
• Average Customer Review: 4.2 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #643,036 in Books (See Top 100 in Books)

More About the Author

Dr. Rick Smith, Ph.D., CISSP, is a writer, educator, and consultant who operates the Cryptosmith consulting practice. Dr. Smith has over 30 years of experience with computing systems, almost half of which has focused on information security. His first book, "Internet Cryptography," is cited in the Common Body of Knowledge for Certified Information Systems Security Professional (CISSP) certification.

Dr. Smith began his consulting career when he helped found the consulting practice at Secure Computing Corporation.

Earlier in his career, Dr. Smith was a network software developer on the pioneering ARPANET, which evolved into today's Internet. He was also a software developer and lead systems engineer for a pioneering email guard used world-wide in military command centers.

In addition to his two books, Dr. Smith has published numerous articles and papers on information security.

Dr. Smith earned a BS in engineering from Boston University, and an MS and PhD in computer science from the University of Minnesota. He is also a senior member of the ACM and the IEEE.

Most Helpful Customer Reviews

13 of 14 people found the following review helpful

5.0 out of 5 stars Magnum opus on the topic May 18, 2012

By Ben Rothke

Format:Paperback

When I first got a copy of Elementary Information Security, based on its title, weight and page length, I assumed it was filled with mindless screen shots of elementary information security topics, written with a large font, in order to jack up the page count. Such an approach is typical of far too many security books. With that, if there ever was a misnomer of title, Elementary Information Security is it.

For anyone looking for a comprehensive information security reference guide - Elementary Information Security is it. While the title may say elementary, for the reader who spends the time and effort to complete the book, they will come out with a complete overview of every significant information security topic.

The book is in fact a textbook meant to introduce the reader to the topic of information security. But it has enough content to be of value to everyone; security notices or experienced professional.

Author Richard Smith notes that if you want to get a solid understanding of information security technology, you have to look closely at the underlying strengths and weakness of information technology itself, which requires a background in computer architecture, operating systems and computing networking.

With that, Elementary Information Security is a tour de force that covers every information security topic, large and small. The book also provides a relevant overview of the peripheral topics that are embedded into information security.

In 17 chapters covering over 800 pages, the book is well organized and progressively gets more complex. Two large chapters of the book are freely available online, with chapter 3 here and chapter 9 here....

The following are the chapters in the book, which shows a comprehensive overview of all of the core areas around information security:

Security From the Ground Up
Controlling a Computer
Controlling Files
Sharing Files
Storing Files
Authenticating People
Encrypting Files
Secret and Public Keys
Encrypting Volumes
Connecting Computers
Networks of Networks
End-to-End Networking
Enterprise Computing
Network Encryption
Internet Services and Email
The World Wide Web
Governments and Secrecy

The early chapters focus on the fundamentals of computers and networking, and the core aspects of information security. The chapters progress in complexity and deal with distributed systems and more complex security topics. The mid-chapters deal with cryptography, starting with an introduction to the topic, into more complex topics and scenarios. One is hard-pressed to find an information security topic not covered in the book.

Chapter 1 is on Security from the Ground Up and lays the groundwork for what security is. Various topics around risk are detailed; such as identifying, prioritizing and assessing risks.

Chapter 2 is on Controlling a Computer and reviews the underlying architecture around computers.

For some people, much of their learning about information security is based on rote memorization. In the book, Smith eschews this and each chapter closes with a glossary of topics, and penetrating questions. There are also problem definitions which detail practical situations with the hope that the reader can create and adequate security solution. The reader who spends extra time reviewing the questions will find that it will significantly help in their mastering the myriad topics.

The goal of the questions and exercises is to make the knowledge real. Some of the exercises include watching movies with computer security related topics such as The Falcon and the Snowman, Crimson Tide, and others. For example, in The Falcon and the Snowman, the author asks the reader to identify two types of security measure that would have helped prevent theft of the crypto keys. In Crimson Tide, it asks the reader to consider the missile launch procedures portrayed in the film and asks if it is possible for a single person to launch a nuclear missile. Another scenario is that under what circumstances a recipient should accept an unauthenticated message. It also asks the reader to give an example of a circumstance in which accepting an unauthenticated message would yield the wrong result.

The book is not meant as a For Dummies guide to the topic, and it assumes a college-level comprehension of relevant mathematical concepts. Note though that the requisite math is detailed in the sections on encryption and cryptography.

The book is also the first textbook certified by the NSA to comply with the NSTISSI 4011 standard, which is the federal training standard for information security professionals. The author notes on his blog that in order to gain that certification, he had to map each topic required by the standard to the information as it appears in the textbook.

Given the value of the book, (ISC)˛ should consider using this title as a reference for their CISSP certification. With all of the CISSP preparation guides available, even the Official (ISC)2 Guide to the CISSP CBK, one is hard pressed to find a comprehensive all-embracing security reference such as this. Some may even want to simply use this book as their definitive CISSP study guide.

For those looking for a single encyclopedic reference on information security, they should look no further than Elementary Information Security. Richard Smith has written a magnum opus on the topic, which will be of value for years to come. Read more ›

1 of 1 people found the following review helpful

5.0 out of 5 stars Excellent comprehensive textbook, and perfect for self study January 5, 2013

By Tim Leonard

Format:Paperback

Purpose:
If you want to become an information security professional, this is the book you need. It is nearly 900 solid pages of useful information, carefully written. It includes very little material that you won't need, and provides a complete base for on-the-job experience. It covers the security topics required by the ACM's IT curriculum, and the US government's Information Assurance training standards for administrators of national security systems.

Audience:
Though it was created as a textbook for an undergraduate course, it makes an *excellent* text for self study: it comprehensively covers the entire subject area, and it includes all background material that the intended reader may need in order to understand the primary subject matter. The book's organization shows the author's experience with teaching this material in class. The reader must be familiar with files, applications, email, and the web, but needs little more than that--not even programming. Yet because the sections introducing background material are short, appear just before they're needed, and clearly bring to the fore the ideas that are about to be used, they are useful even to a reader with a much deeper background. The discussion covers Linux, Windows, and OS X without assuming that the reader is familiar with any of the three....

Content:
The topics that are covered include (not in this order and not always by these names):
1) controlling access to programs, data, and systems
2) controlling overt and covert access to information
3) encryption in general, and encryption of passwords, files, volumes, and network traffic
4) network security in general, simple networks, networks of networks, network protocols in general, Internet protocols, network monitoring, monitoring tools, network applications in general, email, and the web
5) security in large enterprises and in government

Style:
This is a textbook, not a reference book. It is intended to be read sequentially. Several times a topic is considered in the context of an individual computer, then again in the context of a local area network, and finally in the context of the Internet, each time building on the previous discussion. It is well written, easy to understand, and engaging. It includes occasional discussions of historical background or context, including examples of actual computer incidents that illustrate the material being taught. The frequent figures and tables are helpful and the illustrations are interesting. Each chapter ends with a list of important terms that were introduced, a list of acronyms that were introduced, a set of review questions, and a set of exercises. The review questions and exercises are well done and help the reader to retain what's been learned, or to realize that an important idea has been missed. There's an index! And it's a good one! The index (all 47 pages of it, three columns wide) is very thorough and includes key terms and concepts, not just keywords haphazardly selected from the text, as is far too often the case. The book also comes with access to a website with supplementary learning materials, but they're fairly minimal.

Deficiencies:
I read the entire book, very carefully, and found only a few things to criticize:
1) Other than standards and tools that are referred to by name, the book itself does not point to other reading. The companion website and the authors' website both contain links to additional reading, but I would have preferred a bibliography in the book.
2) I thought the discussion of signaling at the electrical level was somewhat confused. Fortunately, this is background material rather than security-relevant content and the confusion does not affect the ideas that the following sections use.
3) The discussion of the network protocol stack was thorough, but I felt it was not as easy to follow as the rest of the text because the need for each layer was not adequately motivated. Again, much of this is background material rather than primary content. Furthermore, it will only seem more difficult to a reader who is not already familiar with the protocol stack.
4) In the discussion of password cracking, I was somewhat unsatisfied by the discussion of attack space and average attack space because I think analysis is easier in terms of total search space, probability of a success for a given length of search, and expected length of search until the first successful crack.
None of these are serious deficiencies.

Summary:
For the intended audience of aspiring information security professionals, and for those who just want a comprehensive introduction to information security, I think this is a most excellent book and I strongly recommend it. Read more ›

0 of 1 people found the following review helpful

5.0 out of 5 stars Needed it for a class March 20, 2013

By ffemt64

Format:Kindle Edition|Amazon Verified Purchase

I needed this book for a course and wanted it in digital format. The price was considerably less than the paper version.

1 of 10 people found the following review helpful

2.0 out of 5 stars Allllllll Theory....blah blah blah blah September 28, 2012

By The TRUTH!

Format:Paperback

Theory, that's it! Boring book. The author tried to be really cool and called it elementary. It's like calling the bible elemantary christianity. Problem with this book is that it is mainly focused on theory. I challenge you to go to Info security interview after reading this book. the interview will tell you how much of what you have learnt from this book is relative to what you will do in real life. Security + content is way more practical than this jargon. Since he called this book elementary, then I must ask him to show me his advanced stuff. I doubt he has an advanced book. Will this book help you getting a job NO. I am frankly tired of theoretical books, the employers don't give a rat's tail about it. They want to know if you can use Nessus, if you can use wireshark, IDS's IPS's. Waste of time. I have been reading these theoretical tech books for a long time and let me tell you something, nobody cares about your theory, what they care about it HOW DO ACTUALLY YOU THINGS. Giving two stars cause I feel sorry for you.