Beautiful Security: Leading Security Experts Explain How They Think 1st Edition
- Rewiring the expectations and assumptions of organizations regarding security
- Security as a design requirement
- Evolution and new projects in Web of Trust
- Legal sanctions to enforce security precautions
- An encryption/hash system for protecting user data
- The criminal economy for stolen information
- Detecting attacks through context
Go beyond the headlines, hype, and hearsay. With Beautiful Security, you'll delve into the techniques, technology, ethics, and laws at the center of the biggest revolution in the history of network security. It's a useful and far-reaching discussion you can't afford to miss.
- ISBN-10: 0596527489
- ISBN-13: 978-0596527488
- Edition: 1st
- Publisher: O'Reilly Media
- Publication date: June 2, 2009
- Language: English
- Dimensions: 7.0 x 0.8 x 9.2 inches
- Length: 300 pages
Editorial Reviews
About the Author
John is CTO of the SaaS Business Unit at McAfee, his second stint at McAfee. Previously, he was their Chief Security Architect, after which he founded and served as CEO of Stonewall Software, which focused on making anti-virus technology faster, better and cheaper. John was also the founder of Secure Software (now part of Fortify).
John is the author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the forthcoming Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds an MS and a BA from the University of Virginia.
Product details
- Publisher : O'Reilly Media; 1st edition (June 2, 2009)
- Language : English
- Paperback : 300 pages
- ISBN-10 : 0596527489
- ISBN-13 : 978-0596527488
- Item Weight : 1.23 pounds
- Dimensions : 7 x 0.8 x 9.19 inches
- Best Sellers Rank: #2,843,905 in Books (See Top 100 in Books)
- #313 in CompTIA Certification Guides
- #675 in Computing Industry History
- #1,029 in Computer Networking (Books)
About the authors

Dr. Anton Chuvakin (http://www.chuvakin.org/) is a Research Director at Gartner's Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team.
Anton is a recognized security expert in the fields of log management, SIEM and PCI DSS compliance. He is the author of the books "Security Warrior", "Logging and Log Management" and "PCI Compliance" and a contributor to "Know Your Enemy II", the "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog "Security Warrior" was one of the most popular in the industry.
In addition, Anton has taught classes and presented at many security conferences across the world; he recently addressed audiences in the United States, the UK, Singapore, Spain, Russia and other countries. He has worked on emerging security standards and served on the advisory boards of several security start-ups.
Most recently, Anton ran his own security consulting practice, focusing on logging, SIEM and PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton Chuvakin was formerly Director of PCI Compliance Solutions at Qualys. Previously, Anton worked at LogLogic as Chief Logging Evangelist, tasked with educating the world about the importance of logging for security, compliance and operations. Before LogLogic, Anton was employed by a security vendor in a strategic product management role. Anton earned his Ph.D. from Stony Brook University.

John is Executive Vice President at SilverSky, the leader in cloud security solutions. John is the former editor-in-chief for IEEE Security and Privacy Magazine, and his technical work in cryptography has been standardized by NIST, the IEEE and IETF. Prior to SilverSky, John was CTO for Software-as-a-Service at McAfee.
John started out writing fiction in high school and college, but Randy Pausch (of Last Lecture fame) convinced him to make a career in technology.

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, networking, and software engineering, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His work for O'Reilly includes the influential 2001 title Peer-to-Peer, the 2005 ground-breaking book Running Linux, and the 2007 best-seller Beautiful Code.
Andy also writes often for O'Reilly's Radar site (http://radar.oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, and Internet Law and Business. His web site is http://www.praxagora.com/andyo/.
Customer reviews
A premise of the book is that most people don't give security much attention until their personal or business systems are attacked or breached. The book notes that criminals often succeed by exercising enormous creativity when devising their attacks. They think outside of the box which the security people built to keep them out. Those who create defenses around digital assets must similarly use creativity when designing an information security solution.
Unfortunately, far too few organizations spend enough time thinking creatively about security. More often than not, it is simply about deploying a firewall and hoping the understaffed security team can deal with the rest of the risks.
The 16 essays, arranged in no particular theme, are meant to show how fascinating information security can be. This is a defense against how security is often perceived: as an endless series of dialogue boxes and warnings, or some other block to keep a user from the web site or device they want to access. Each of the 16 essays is well-written, organized and well-argued. The following 4 chapters are particularly noteworthy.
Chapter 3 is titled Beautiful Security Metrics and details how security metrics can be effectively used, rather than simply being a vehicle for creating random statistics for management. Security metrics are a critical prerequisite for turning IT security into a science, instead of an art. With that, author Elizabeth Nichols notes that the security profession needs to change in ways that emulate the medical profession when it comes to metrics. She notes specifically that security must develop a system of vital signs and generally accepted metrics in the same way in which physicians work. The chapter also provides excellent insights on how to use metrics, in addition to high-level questions that can be used to determine how effective security is within an organization.
Chapter 6 deals with online advertising and the myriad problems in keeping it honest. Author Benjamin Edelman observed a problem with the online supply chain world, as opposed to the brick and mortar (BAM) world, in that BAM companies have long-established procurement departments with robust internal controls, and carefully trained staff who evaluate prospective vendors to confirm legitimacy. In the online world, predominantly around Google AdSense, most advertisers and advertising networks lack any comparable rigor for evaluating their vendors. That has created a significant avenue for online advertising fraud, of which online advertising is a victim.
Edelman writes that he has uncovered hundreds of online advertising scams defrauding hundreds of thousands of users, in addition to the merchants themselves. The chapter details many of the deceptive advertisements that he has found, and shows how web ads that tout something for free are most often far from it.
Chapter 7 is about PGP and the evolution of the PGP web of trust scheme. The chapter is written by PGP creator Phil Zimmermann and current PGP CTO Jon Callas. It has been a long while since Zimmermann has written anything authoritative about PGP, so the chapter is a welcome one. Zimmermann and Callas note that while a lot has been written about PGP, much of it contains substantial inaccuracies. The chapter provides invaluable insights into PGP and the history and use of cryptography. It also gives a thorough overview of the original PGP web of trust model and of the recent enhancements that bring PGP's web of trust up to date.
Chapter 9 is one of the standout chapters in the book. Mark Curphey writes about the need to get people, processes and technology to work together so that the humans involved in information security can make better decisions. In the chapter, Curphey deals with topical issues such as cloud computing, social networks, security economics and more. Curphey notes that when he starts giving a presentation, he does it with the following quotation from Upton Sinclair: "it's difficult to get a man to understand something when his salary depends on him not understanding it". He uses the quote to challenge listeners (and readers in this case) to question the reason why they are being presented the specific ideas, which serves as a reminder of common, subtle biases in thoughts and ideas presented as fact.
In its 250 pages, Beautiful Security is both a fascinating and enjoyable read. There are numerous security books that weigh a few pounds and use reams of paper, that don't have a fraction of the real content that Beautiful Security has. With other chapters from industry luminaries such as Jim Routh, Randy Sabett, Anton Chuvakin and others, Beautiful Security is a required read.
For those who have an interest in information security or those who are frustrated by it, Beautiful Security is an eye-opening book that will challenge you and change the way you think about information security. It is a good book for those who think information security is simply about deploying hardware, and an even better book for those who truly get information security.
Advantages:
- You see the subject from different angles.
- One or two authors may be boring, but the overall content still has value.
- It is more like reading many little books on security.
On the other hand:
- You get many introductions and conclusions that don't add much.
- There is no real continuity nor overall aim or message. It is more a collection of essays arranged and formatted to look like "one story".
Some essays are really insightful:
- "Psychological security trap": This is certainly something that you want to be aware of! How developers may think that security isn't a real requirement. It is somehow also the point in "security by design" and "Forcing firms to focus", but with an emphasis on project management and process.
- Security Metrics is also interesting. It resurfaces in many other essays, mostly to warn about the wrong usage of metrics or the usage of wrong metrics.
- The evolution of PGP is nice. It shows how far they have gone with PKI. Now it really looks like a good solution. But as with the Semantic Web, I would say that it is still waiting for wide adoption to be useful.
- "Oh no, here comes the Lawyer" should have been developed even more. This is where I feel I lack the most insight.
- Incident detection: This is well known today. But always good to repeat. This is concrete stuff and where we can expect improvement soon.
- "Doing real work without real data" exposes a nice idea. Worth implementing if it fits your use case. There are good references to balance the pros and cons.
- Casting spells also exposes a vendor solution. It uses a combination of techniques (virtualization, signature + AI) to secure the user's workstation. Again, it may fit some use cases.
- Log handling is also certainly a crucial part of the puzzle.
- ... other essays expose security breaches, Honeyclient, adventures in wireless land ...
The essays target an average reader. They don't require any knowledge of programming, cryptography or network protocols. Still, it will certainly help to have some culture in software development. It raises awareness of many different aspects related to security.
At first, I really liked the introduction in the book: the idea that too often security is seen from the point of view of the failures, like you watch a car race only waiting to see car crashes. The promise here was to focus on how a good design is as beautiful and enjoyable as a car crash. Well, the content shows that it isn't that easy. I guess that it would have been a book on protocol design and application architecture. Subjects much harder to enjoy. Still, the intent was good.
To conclude, I would say that this book is what computer security looks like after all: there is no coherent story. But if you have to write your own security story, you will be better off knowing 16 different essays than a single one.