Security Engineering and over one million other books are available for Amazon Kindle. Learn more


or
Sign in to turn on 1-Click ordering.
or
Amazon Prime Free Trial required. Sign up when you check out. Learn More
Kindle Edition
 
   
Sell Back Your Copy
For a $31.20 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Security Engineering: A Guide to Building Dependable Distributed Systems
 
 
Start reading Security Engineering on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Security Engineering: A Guide to Building Dependable Distributed Systems [Hardcover]

Ross J. Anderson (Author)
4.3 out of 5 stars  See all reviews (9 customer reviews)

List Price: $75.00
Price: $48.57 & this item ships for FREE with Super Saver Shipping. Details
You Save: $26.43 (35%)
  Special Offers Available
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.
Want it delivered Monday, January 30? Choose One-Day Shipping at checkout. Details
Textbook Student FREE Two-Day Shipping for Students. Learn more

Formats

Amazon Price New from Used from
Kindle Edition $43.71  
Hardcover $48.57  
Sell Back Your Copy for $31.20
Whether you buy it used on Amazon for $33.99 or somewhere else, you can sell it back through our Book Trade-In Program at the current price of $31.20.
Used Price$33.99
Trade-in Price$31.20
Price after
Trade-in
$2.79

Book Description

0470068523 978-0470068526 April 14, 2008 2
The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here?s straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.

Special Offers and Product Promotions

  • Buy $50 in qualifying physical textbooks, get $5 in Amazon MP3 Credit. Here's how (restrictions apply)

Frequently Bought Together

Security Engineering: A Guide to Building Dependable Distributed Systems + Introduction to Computer Security + University of Maryland: Custom Textbook for CSEC 630
Price For All Three: $226.19

Show availability and shipping details

Buy the selected items together
  • In Stock.
    Ships from and sold by Amazon.com.
    This item ships for FREE with Super Saver Shipping. Details

  • Introduction to Computer Security $87.62

    In Stock.
    Ships from and sold by Amazon.com.
    This item ships for FREE with Super Saver Shipping. Details

  • University of Maryland: Custom Textbook for CSEC 630 $90.00

    In Stock.
    Ships from and sold by Amazon.com.
    This item ships for FREE with Super Saver Shipping. Details



Editorial Reviews

Review

"At over a thousand pages, this is a comprehensive volume." Engineering & Technology Saturday 7 June 2008

From the Back Cover

"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book."
— Bruce Schneier

"This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work."
— Gary McGraw

This book created the discipline of security engineering

The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.

Here's straight talk about

  • Technical engineering basics — cryptography, protocols, access controls, and distributed systems
  • Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare

  • Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail

  • Security economics — why companies build insecure systems, why it's tough to manage security projects, and how to cope

  • Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing

  • Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it


Product Details

  • Hardcover: 1080 pages
  • Publisher: Wiley; 2 edition (April 14, 2008)
  • Language: English
  • ISBN-10: 0470068523
  • ISBN-13: 978-0470068526
  • Product Dimensions: 9.3 x 7.6 x 2.5 inches
  • Shipping Weight: 3.8 pounds (View shipping rates and policies)
  • Average Customer Review: 4.3 out of 5 stars  See all reviews (9 customer reviews)
  • Amazon Best Sellers Rank: #10,566 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

 

Customer Reviews

9 Reviews
5 star:
 (6)
4 star:    (0)
3 star:
 (3)
2 star:    (0)
1 star:    (0)
 
 
 
 
 
Average Customer Review
4.3 out of 5 stars (9 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most Helpful Customer Reviews

5 of 5 people found the following review helpful:
5.0 out of 5 stars A profoundly influential work written by a world-class security expert, November 17, 2008
This review is from: Security Engineering: A Guide to Building Dependable Distributed Systems (Hardcover)
For the typical busy security professional, reading a 900-page tome cover to cover represents an investment of time that may be difficult to justify. Frankly, security books that are worth the effort are few and far between. Security Engineering is one such book, for several reasons.

First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.

Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.

Lastly, the book brings together insight from many diverse areas of research. Disciplines ranging from economics, psychology, sociology, criminology, banking and bookkeeping, safety research, electronic warfare, to politics are all mined for ideas and results that could yield a better understanding of - and novel approaches to - difficult security problems. It is perhaps in this aspect that the book will prove to be most influential. Since the first edition was published in 2001, security economics, security usability, and security psychology have emerged as fertile areas of research.
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No


2 of 2 people found the following review helpful:
3.0 out of 5 stars Four benefits for the ISSEP candidate, March 17, 2011
This review is from: Security Engineering: A Guide to Building Dependable Distributed Systems (Hardcover)
Four beneficial take-aways from Ross Anderson's book, Security Engineering: A Guide to Building Dependable Distributed Systems:

1. After reading 600 pages of prose, there are four bullets on page 652 that epitomize the entire book. Here they are:

DEFENSE AGAINST NETWORK ATTACK - four sets of tools to defend against network attack:

(1) Management (i.e. CM)
(2) Filtering (i.e. Firewalls)
(3) Intrusion Detection (i.e. IDS devices)
(4) Encryption (i.e. VPN devices with encryption)


2. I discovered a little known standard that may have influenced the Risk Management Framework (RMF) methodology developed in the NIST SP 800-37. Read this excerpt (p. 838): "It is important for the Security Engineer to have some knowledge of internal controls. There is a shortage of books on this subject... the most influential is the Risk Management Framework from the Committee of Sponsoring Organizations (COSO), a group of U.S. accounting and auditing bodies [ [].... Its basic process is an evolutionary cycle: in a given environment, you assess the risks, design controls, monitor their performance, and then go around the loop again."

3. There's a small blurb on the Capability Maturity Model (p. 849). I think this little concept helps to understand all the CMM documents on the street. Here it is: "Some useful insights come from the Capability Maturity Model developed by the Carnegie-Mellon University. Although this is aimed at dependability and at delivering code on time rather than specifically at security, their research shows that capability is something that develops in groups; it's not just a purely individual thing."

Then another blurb on p.864-865:
"The Carnegie-Mellon research showed that newly formed teams tended to underestimate the amount of work in project, and also had a high variance in the amount of time they took; the teams that worked best together were much better able to predict how long they'd take, in terms of the mean development time, but reduced the variance as well."

4. Lastly, the author admits that he's a cynic, and a cynical attitude is probably the BEST way to look at the Common Criteria.
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No


1 of 1 people found the following review helpful:
5.0 out of 5 stars Excellent, readable, current, January 16, 2011
Amazon Verified Purchase(What's this?)
Certainly a top 5 in its space. Especially notable for its broad coverage and excellent references to other more detailed material. This is a very worthwhile update from the first edition (which is freely available from the author's web site as a PDF).
Help other customers find the most helpful reviews 
Was this review helpful to you? Yes No

Share your thoughts with other customers: Create your own review
 
 
 
Most Recent Customer Reviews







Only search this product's reviews



Inside This Book (learn more)
Key Phrases - Statistically Improbable Phrases (SIPs): (learn more)
multilevel security, multilateral security, emission security, simple authentication, security requirements engineering, trusted computing, passive attacks, security printing, information warfare, truck speed limiters, birthday theorem, middleperson attacks, service denial attacks, gearbox sensor, prepayment electricity meters, botnet herders, crypto primitives, public signature verification key, crypto wars, pirate cards, smartcard industry, digital tachographs, technical protection mechanisms, smartcard vendors, multilevel secure systems
Key Phrases - Capitalized Phrases (CAPs): (learn more)
World War, Common Criteria, Further Reading, Cold War, New York, Managing the Development of Secure Systems, The Bleeding Edge, Telecom System Security, Defense Against Network Attack, Physical Tamper Resistance, South Africa, Orange Book, Physical Protection, Soviet Union, Department of Defense, Air Force, New Zealand, Bruce Schneier, Top Secret, Taxi Meters, European Union, Hal Varian, Internet Explorer, Privacy Technology, Communications Systems
Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Back Cover | Surprise Me!
Search Inside This Book:


Tags Customers Associate with This Product

 (What's this?)
Click on a tag to find related items, discussions, and people.
 
(1)
(1)

Your tags: Add your first tag
 

Customer Discussions

This product's forum
Discussion Replies Latest Post
Why include reviews of older edition? 0 May 15, 2008
See all discussions...  
Start a new discussion
Topic:
First post:
Prompts for sign-in
 


Active discussions in related forums
Search Customer Discussions
   
Related forums





Look for Similar Items by Category


Look for Similar Items by Subject