Customer Reviews

Security in Computing, 4th Edition

5 star:		(16)
4 star:		(5)
3 star:		(2)
2 star:		(4)
1 star:		(5)

 

 

This book is still the best textbook on the market. Having reviewed (officially) many of the new competitors to this book, this book is still the best at providing an excellent overview to computing security, especially for computer scientists. While I agree with another reviewer that "Hacking Exposed" is another good book, it is not a textbook and does not provide the theoretical underpinnings that this book does. The old edition (2nd) was getting dated and I was glad to see most of the material that needed updating was. In particular, the networking section was updated and sufficient for my course in computer security. Other books tend to provide a more short-term view of security, than a textbook with solid concepts. This series of editions has done a lot to create a science of security, rather than just a collection of techniques.

In 1989, I read the first edition of "Security in Computing" which was one of the best books in the information security field. Fourteen years later, I find the 2003 third edition even better. This is my primary textbook in a graduate course I teach. I also recommend this text to commercial students who are in my CISSP Common Body of Knowledge seminars. What I like best about this book is the index and the bibliography. Personally, I use this text as a reference to remind myself of the concise descriptions of some difficult security issues or protocols. I also recommend this book for managers to develop insights for interviewing potential candidates. The book, just like the field, is very broad and can assist you in understanding the big picture view in information security. It can help you focus on requirements in the development of a secure computing environment and develop some metrics as you define your security architecture. Having spent several decades in the information security field, I find this to be an excellent book for the classroom as well as the reference shelf of information security practitioner and manager in an enterprise environment.

J Holleran, CISSP
Retired Technical Director
National Computer Security Center

Security in Computing (Third Edition) can serve as an upper division undergraduate or graduate level text book. But if you're not a student, and more pragmatic than theoretical, don't let that scare you off. Each chapter is clearly written, well organized, contains a summary, list of terms used, and a brief "To Learn More" section. The book is very up to date: It includes reasonably detailed discussions on the inner workings of AES and even an introduction to quantum cryptography. All the "old standards" are covered as well, including firewalls, viruses and malware, CIA, database security, policy development, network security, trusted operating systems, security law, cryptography and more.

All in all, this is the best general purpose computer security book available. It belongs on the bookshelf of every practicing professional. But you won't want to leave it there - take it down when you need to work in an unfamiliar area. It will help bring you up to speed and point you towards more specialized resources.

Minor caution: This is not a book for security beginners, and it helps to have some background in computer architecture, networks, databases and/or administration. But if you've got that, you won't find a better book. And if you don't this book provides enough ground work for quick studies to understand new security material.

If you really are looking for theory to be able to have a better consulting experience or drive your company into deeper waters regarding security this is your book. For students starting on this I would not recommend it, you may fall asleep during your first couple of pages.

There are a number of approaches to how to teach security ranging from hack it till it breaks to building on sound theory. This book is the latter.

It is a textbook, a bit dry, but that goes with the territory when you know you need to read chapter two to pass the quiz, chapter two gets read. The authors have worked hard, the writing works to make things clear, there are lots of very professional illustrations.

This most reminds me of Matt Bishop's book, with its weight and pagecount, but this is more approachable. This book coupled with a good instructor can certainly help teach the theory, terminology and concepts of information security.

The best chapters are six, Database and Data Mining ten, Privacy in Computing and eleven, Legal and Ethical issues.

The weakest chapter is eight, where they breeze over risk analysis and security policy. I also found chapter three, Program Security made me keep thinking, come on, you are so close, put in the extra effort and take this over the top.

The most interesting thing from a book design is that cryptography is split into chapter two elementary cryptography and the last chapter (twelve) crytography explained instead of being taught back to back.

[A review of the 4th Edition, that was published in October 2006.]

I would compare this book to Matt Bishop's "Introduction to Computer Security". The latter is far more mathematical. Probably too much so for the typical sysadmin who is looking to defend her computers and network. Bishop's book is perhaps best suited to someone who wants to deeply understand cryptosystems and malware, and who might want to design a new cryptosystem or a malware detector. Whereas the Pfleeger book does not stress mathematical formalism at all. Much easier for a broader IT audience to understand. For a sysadmin, programmer, or an IT manager. All you need is some general background in computing, and much of the book will be very intelligible.

For cryptography, there are 2 chapters, that give a quick overview of symmetric and public key systems. At the schematic level, with few equations. The seminal RSA algorithm is explained. The second cryptography chapter is actually the book's last chapter. Appropriate, because it is the most mathematical section of the text. It includes a nice Figure 12-3, that is an especially clear schematic of the hierarchies of complexity classes. It should make apparent the distinction between NP and P(olynomial) complete problems.

There is a wide survey of malware. For viruses, there are qualitative explanations of how viruses can infect code. The level of detail is not that of more specialised books that focus just on viruses. The text does not give you enough to detect or write a virus. But you can understand how they work, at a level adequate for a sysadmin, say. In other words, if you have computers to defend, and you need to choose between various tools for detection, the book gives you enough education to rationally understand the differences between the methods of those tools. At least to the extent that the toolmakers offer such information, and that it is accurate.

For the malware known as phishing, the book does not offer any technical solution. This reflects the current position of much antiphishing thinking. That phishing is social engineering, and no effective technical antidote is known. To which I say, wait a few months. Marvin Shannon and I invented a seminal antiphishing method, and its Patent Pending should soon be published by the US Patent and Trademark Office. I predict that the 5th edition of this book will have a thorough rewrite of antiphishing.

Good book but not for beginners. The author fails to explain many concepts to a level of detail that makes it easy to understand. This book can easily be understood by computer security expert! I spent hours asking these types of questions "What does he mean?", "Why is he assuming I know this and that?", "Where is the example". Hard to understand concepts can easily be undertandable by giving examples. This book doesn't give you examples much. Encryption algorithms without examples? oof!

The book covers a lot of the computer security field. You should have some mathematical background that is not very well explained at the beginning of the book, otherwise it is very difficult to understand some of the proofs.

An excellent book. I highly recommend it to software engineers and other computer scientists who desire a good foundation in computer security topics. It is comprehensive, well organized, and chock full of clear, concise examples which assist the reader in understanding complex subjects. The many "real world" vignettes, many of which were fascinating to read, lent credibility and urgency to this important field of study. I would use it as the basis for an undergraduate or graduate course in this field.

No effort on the part of the author(s) to explain to the novice person. The book assumes you know what it talks about. No samples that completely illustrate the algorithms. When you wonder what the hell is he talking about or what is he trying to say, and you say OH!, may be this is what he means and you want to look at a sample, NO SAMPLES!!. Lazyness thrives in this book. This book gets a 2. This book is for people with advanced level in crytology. With all the respect to the authors, a good book talks to its audiance, not to itself.