Best Books of the Month Shop Men's Shoes Learn more nav_sap_plcc_6M_fly_beacon $5 Albums All-New Fire TV Stick with Voice Remote Beauty Videos Amazon Gift Card Offer jrscwrld jrscwrld jrscwrld  Amazon Echo Starting at $49.99 Kindle Voyage AutoRip in CDs & Vinyl Fall Arrivals in Amazon Outdoor Clothing Learn more

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your email address or mobile phone number.

Digital List Price: $91.99
Kindle Price: $57.50

Save $57.50 (50%)

These promotions will be applied to this item:

Some promotions may be combined; others are not eligible to be combined with other offers. For details, please see the Terms & Conditions associated with these promotions.

Deliver to your Kindle or other device

Deliver to your Kindle or other device

Flip to back Flip to front
Audible Narration Playing... Paused   You are listening to a sample of the Audible narration for this Kindle book.
Learn more

Security in Computing (4th Edition) Kindle Edition

54 customer reviews

Amazon Price
New from Used from
"Please retry"
"Please retry"

Length: 880 pages

There is a newer version of this item:

Kindle Daily Deals
Kindle Delivers: Daily Deals
Subscribe to find out about each day's Kindle Daily Deals for adults and young readers. Learn more (U.S. customers only)

Editorial Reviews

From the Publisher

A sweeping revision of the classic computer security text. This book provides end-to-end, detailed coverage of the state of the art in all aspects of computer security. Starting with a clear, in-depth review of cryptography, it also covers specific options for securing software and data against malicious code and intruders; the special challenges of securing networks and distributed systems; firewalls; ways to administer security on personal computers and UNIX systems; analyzing security risks and benefits; and the legal and ethical issues surrounding computer security.

From the Inside Flap

When the first edition of this book was published in 1989, viruses and other forms of malicious code were fairly uncommon, the Internet was used largely by just computing professionals, a Clipper was a sailing ship, and computer crime was seldom a headline topic in daily newspapers. In that era most people were unconcerned about--even unaware of--how serious is the threat to security in the use of computers.

The use of computers has spread at a rate completely unexpected back then. Now you can bank by computer, order and pay for merchandise, and even commit to contracts by computer. And the uses of computers in business have similarly increased both in volume and in richness. Alas, the security threats to computing have also increased significantly.

Why Read This Book?

Are your data and programs at risk? If you answer "yes" to any of the following questions, you have a potential security risk.

Have you acquired any new programs within the last year?

Do you use your computer to communicate electronically with other computers?

Do you ever receive programs or data from other people?

Is there any significant program or data item of which you do not have a second copy?

Relax; you are not alone. Most computer users have a security risk. Being at risk does not mean you should stop using computers. It does mean you should learn more about the risk you face, and how to control that risk.

Users and managers of large mainframe computing systems of the 1960s and l970s developed computer security techniques that were reasonably effective against the threats of that era. However, two factors have made those security procedures outdated:

Personal computer use. Vast numbers of people have become dedicated users of personal computing systems, both for business and pleasure. We try to make applications "user friendly" so that computers can be used by people who know nothing of hardware or programming, just as people who can drive a car do not need to know how to design an engine. Users may not be especially conscious of the security threats involved in computer use; even users who are aware may not know what to do to reduce their risk.

Networked remote-access systems. Machines are being linked in large numbers. The Internet and its cousin, the World-Wide Web, seem to double every year in number of users. A user of a mainframe computer may not realize that access to the same machine is allowed to people throughout the world from an almost uncountable number of computing systems.

Every computing professional must understand the threats and the countermeasures currently available in computing. This book addresses that need.

This book is designed for the student or professional in computing. Beginning at a level appropriate for an experienced computer user, this book describes the security pitfalls inherent in many important computing tasks today. Then, the book explores the controls that can check these weaknesses. The book also points out where existing controls are inadequate and serious consideration must be given to the risk present in the computing situation.

Uses of This Book

The chapters of this book progress in an orderly manner. After an introduction, the topic of encryption, the process of disguising something written to conceal its meaning, is presented as the first tool in computer security. The book continues through the different kinds of computing applications, their weaknesses, and their controls.
The applications areas include:
general programs
operating systems
data base management systems
remote access computing
multicomputer networks

These sections begin with a definition of the topic, continue with a description of the relationship of security to the topic, and conclude with a statement of the current state of the art of computer security research related to the topic. The book concludes with an examination of risk analysis and planning for computer security, and a study of the relationship of law and ethics to computer security.

Background required to appreciate the book is an understanding of programming and computer systems. Someone who is a senior or graduate student in computer science or a professional who has been in the field for a few years would have the appropriate level of understanding. Although some facility with mathematics is useful, all necessary mathematical background is developed in the book. Similarly, the necessary material on design of software systems, operating systems, data bases, or networks is given in the relevant chapters. One need not have a detailed knowledge of these areas before reading this book.

The book is designed to be a textbook for a one- or two-semester course in computer security. The book functions equally well as a reference for a computer professional. The introduction and the chapters on encryption are fundamental to the understanding of the rest of the book. After studying those pieces, however, the reader can study any of the later chapters in any order. Furthermore, many chapters follow the format of introduction, then security aspects of the topic, then current work in the area. Someone who is interested more in background than in current work can stop in the middle of one chapter and go on to the next.

This book has been used in classes throughout the world. Roughly half of the book can be covered in a semester. Therefore, an instructor can design a one-semester course that considers some of the topics of greater interest.

What Does This Book Contain?

This is the revised edition of Security in Computing. It is based largely on the previous version, with many updates to cover newer topics in computer security. Among the salient additions to the new edition are these items:

Viruses, worms, Trojan horses, and other malicious code. Complete new section (first half of Chapter 5) including sources of these kinds of code, how they are written, how they can be detected and/or prevented, and several actual examples.

Firewalls. Complete new section (end of Chapter 9) describing what they do, how they work, how they are constructed, and what degree of protection they provide.

Private e-mail. Complete new section (middle of Chapter 9) explaining exposures in e-mail, kind of protection available, PEM and PGP, key management, and certificates.

Clipper, Capstone, Tessera, Mosaic, and key escrow. Several sections, in Chapter 3 as an encryption technology, and Chapter 4 as a key management protocol, and in Chapter 11 as a privacy and ethics issue.

Trusted system evaluation. Extensive addition (in Chapter 7) including criteria from the United States, Europe, Canada, and the soon-to-be-released Common Criteria.

Program development processes, including ISO 9000 and the SEI CMM. A major section in Chapter 5 gives comparisons between these methodologies.

Guidance for administering PC, Unix, and networked environments. In addition to these major changes, there are numerous small changes, ranging from wording changes to subtle notational changes for pedagogic reasons, to replacement, deletion, rearrangement, and expansion of sections.

The focus of the book remains the same, however. This is still a book covering the complete subject of computer security. The target audience is college students (advanced undergraduates or graduate students) and professionals. A reader is expected to bring a background in general computing technology; some knowledge of programming, operating systems, and networking is expected, although advanced knowledge in those areas is not necessary. Mathematics is used as appropriate, although a student can ignore most of the mathematical foundation if he or she chooses.


Many people have contributed to the content and structure of this book. The following friends and colleagues have supplied thoughts, advice, challenges, criticism, and suggestions that have influenced my writing of this book: Lance Hoffman, Marv Schaefer, Dave Balenson, Terry Benzel, Curt Barker, Debbie Cooper, and Staffan Persson. Two people from outside the computer security community were very encouraging: Gene Davenport and Bruce Barnes. I apologize if I have forgotten to mention someone else; the oversight is accidental.

Lance Hoffman deserves special mention. He used a preliminary copy of the book in a course at George Washington University. Not only did he provide me with suggestions of his own, but his students also supplied invaluable comments from the student perspective on sections that did and did not communicate effectively. I want to thank them for their constructive criticisms.

Finally, if someone alleges to have written a book alone, distrust the person immediately. While an author is working 16-hour days on the writing of the book, someone else needs to see to all the other aspects of life, from simple things like food, clothing, and shelter, to complex things like social and family responsibilities. My wife, Shari Lawrence Pfleeger, took the time from her professional schedule so that I could devote my full energies to writing. Furthermore, she soothed me when the schedule inexplicably slipped, when the computer went down, when I had writerÕs block, or when some other crisis beset this project. On top of that, she reviewed the entire manuscript, giving the most thorough and constructive review this book has had. Her suggestions have improved the content, organization, readability, and overall quality of this book immeasurably. Therefore, it is with great pleasure that I dedicate this book to Shari, the other half of the team that caused this book to be written.

Charles P. Pfleeger Washington DC

Product Details

  • File Size: 6357 KB
  • Print Length: 880 pages
  • Simultaneous Device Usage: Up to 5 simultaneous devices, per publisher limits
  • Publisher: Prentice Hall; 4 edition (January 23, 2007)
  • Publication Date: January 23, 2007
  • Sold by: Amazon Digital Services, Inc.
  • Language: English
  • ASIN: B000P28V8G
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not Enabled
  • Lending: Not Enabled
  • Enhanced Typesetting: Not Enabled
  • Amazon Best Sellers Rank: #169,924 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
  •  Would you like to give feedback on images?

More About the Author

Dr Charles P Pfleeger is the co-author of Analyzing Computer Security (2011) and Security in Computing (of which the current--4th--edition, was published in 2007). An independent consultant with the Pfleeger Consulting Group, he provides computer and information security advice to commercial and government clients throughout the world. Prior to establishing his consulting practice, he was a Master Security Architect with Cable and Wireless and Exodus Communications. Serving as Director of European Operations of Trusted Information Systems (UK) Ltd, he managed to office in London and interacted with colleagues and clients in Europe.

As a professor in the Computer Science Department of the University of Tennessee, he led the Chancellor's computer literacy committee and directed the first Tennessee Governor's School for the Sciences. He has lectured at many universities and industrial locations.

In his spare time he volunteers with Habitat for Humanity, with which he has helped on the construction of over 100 homes for low-income families in Washington D.C. He is also an accomplished pastry chef.

Customer Reviews

Most Helpful Customer Reviews

15 of 15 people found the following review helpful By K. Tracy on January 6, 2003
Format: Hardcover
This book is still the best textbook on the market. Having reviewed (officially) many of the new competitors to this book, this book is still the best at providing an excellent overview to computing security, especially for computer scientists. While I agree with another reviewer that "Hacking Exposed" is another good book, it is not a textbook and does not provide the theoretical underpinnings that this book does. The old edition (2nd) was getting dated and I was glad to see most of the material that needed updating was. In particular, the networking section was updated and sufficient for my course in computer security. Other books tend to provide a more short-term view of security, than a textbook with solid concepts. This series of editions has done a lot to create a science of security, rather than just a collection of techniques.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
10 of 10 people found the following review helpful By J Holleran on May 5, 2003
Format: Hardcover
In 1989, I read the first edition of "Security in Computing" which was one of the best books in the information security field. Fourteen years later, I find the 2003 third edition even better. This is my primary textbook in a graduate course I teach. I also recommend this text to commercial students who are in my CISSP Common Body of Knowledge seminars. What I like best about this book is the index and the bibliography. Personally, I use this text as a reference to remind myself of the concise descriptions of some difficult security issues or protocols. I also recommend this book for managers to develop insights for interviewing potential candidates. The book, just like the field, is very broad and can assist you in understanding the big picture view in information security. It can help you focus on requirements in the development of a secure computing environment and develop some metrics as you define your security architecture. Having spent several decades in the information security field, I find this to be an excellent book for the classroom as well as the reference shelf of information security practitioner and manager in an enterprise environment.
J Holleran, CISSP
Retired Technical Director
National Computer Security Center
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
11 of 12 people found the following review helpful By Richard Steinberger on May 29, 2003
Format: Hardcover
Security in Computing (Third Edition) can serve as an upper division undergraduate or graduate level text book. But if you're not a student, and more pragmatic than theoretical, don't let that scare you off. Each chapter is clearly written, well organized, contains a summary, list of terms used, and a brief "To Learn More" section. The book is very up to date: It includes reasonably detailed discussions on the inner workings of AES and even an introduction to quantum cryptography. All the "old standards" are covered as well, including firewalls, viruses and malware, CIA, database security, policy development, network security, trusted operating systems, security law, cryptography and more.
All in all, this is the best general purpose computer security book available. It belongs on the bookshelf of every practicing professional. But you won't want to leave it there - take it down when you need to work in an unfamiliar area. It will help bring you up to speed and point you towards more specialized resources.
Minor caution: This is not a book for security beginners, and it helps to have some background in computer architecture, networks, databases and/or administration. But if you've got that, you won't find a better book. And if you don't this book provides enough ground work for quick studies to understand new security material.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
7 of 8 people found the following review helpful By Stephen Northcutt on October 31, 2006
Format: Hardcover
There are a number of approaches to how to teach security ranging from hack it till it breaks to building on sound theory. This book is the latter.

It is a textbook, a bit dry, but that goes with the territory when you know you need to read chapter two to pass the quiz, chapter two gets read. The authors have worked hard, the writing works to make things clear, there are lots of very professional illustrations.

This most reminds me of Matt Bishop's book, with its weight and pagecount, but this is more approachable. This book coupled with a good instructor can certainly help teach the theory, terminology and concepts of information security.

The best chapters are six, Database and Data Mining ten, Privacy in Computing and eleven, Legal and Ethical issues.

The weakest chapter is eight, where they breeze over risk analysis and security policy. I also found chapter three, Program Security made me keep thinking, come on, you are so close, put in the extra effort and take this over the top.

The most interesting thing from a book design is that cryptography is split into chapter two elementary cryptography and the last chapter (twelve) crytography explained instead of being taught back to back.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
4 of 4 people found the following review helpful By W Boudville HALL OF FAMETOP 1000 REVIEWERVINE VOICE on October 27, 2006
Format: Hardcover
[A review of the 4th Edition, that was published in October 2006.]

I would compare this book to Matt Bishop's "Introduction to Computer Security". The latter is far more mathematical. Probably too much so for the typical sysadmin who is looking to defend her computers and network. Bishop's book is perhaps best suited to someone who wants to deeply understand cryptosystems and malware, and who might want to design a new cryptosystem or a malware detector. Whereas the Pfleeger book does not stress mathematical formalism at all. Much easier for a broader IT audience to understand. For a sysadmin, programmer, or an IT manager. All you need is some general background in computing, and much of the book will be very intelligible.

For cryptography, there are 2 chapters, that give a quick overview of symmetric and public key systems. At the schematic level, with few equations. The seminal RSA algorithm is explained. The second cryptography chapter is actually the book's last chapter. Appropriate, because it is the most mathematical section of the text. It includes a nice Figure 12-3, that is an especially clear schematic of the hierarchies of complexity classes. It should make apparent the distinction between NP and P(olynomial) complete problems.

There is a wide survey of malware. For viruses, there are qualitative explanations of how viruses can infect code. The level of detail is not that of more specialised books that focus just on viruses. The text does not give you enough to detect or write a virus. But you can understand how they work, at a level adequate for a sysadmin, say.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again


There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
First post:
Prompts for sign-in

What Other Items Do Customers Buy After Viewing This Item?