Enjoy fast, FREE delivery, exclusive deals and award-winning movies & TV shows with Prime
Try Prime and start saving today with Fast, FREE Delivery

List Price: $85.00 Details

Save: $51.36 (60%)

FREE Returns

FREE delivery Friday, September 1. Order within 11 hrs 30 mins

Select delivery location

Only 1 left in stock - order soon

$$33.64 () Includes selected options. Includes initial monthly payment and selected options. Details

Payment

Secure transaction

Ships from

Amazon

Sold by

ALTUNDAS02

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

Details

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Ships from

Amazon

Sold by

ALTUNDAS02

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.

Read full return policy

Add a gift receipt for easy returns

Get Fast, Free Shipping with Amazon Prime

FREE delivery Saturday, September 2 on orders shipped by Amazon over $25. Order within 11 hrs 30 mins

Select delivery location

Used: Good | Details

Sold by RentU

Fulfilled by Amazon

Access codes and supplements are not guaranteed with used items.

Have one to sell?

Sell on Amazon

Other Sellers on Amazon

Added

Not added

$33.63
& FREE Shipping. Details

Sold by: SmilesStore

Added

Not added

$34.99
& FREE Shipping. Details

Sold by: Allsentials

Added

Not added

$34.99
& FREE Shipping. Details

Sold by: The Reader Eagle

Flip to back Flip to front

Listen Playing... Paused You're listening to a sample of the Audible audio edition.
Learn more

See all 3 images

Follow the Author

Ross Anderson

Security Engineering: A Guide to Building Dependable Distributed Systems 2nd Edition

by Ross J. Anderson (Author)

4.4 126 ratings

See all formats and editions

There is a newer edition of this item:

Security Engineering: A Guide to Building Dependable Distributed Systems
$51.80
(175)
In Stock

{"desktop_buybox_group_1":[{"displayPrice":"$33.64","priceAmount":33.64,"currencySymbol":"$","integerValue":"33","decimalSeparator":".","fractionalValue":"64","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"4mJHCxe0tmmhTocXyE51yts6nD3MwV4qdjnqqeW%2FBj6ymvkpxYabkD%2BF7uAaO0BBx9n141lyIQk3sAOHvTnqvQl6Ge0OARMesi0qM5X9k71fn3LTO6GagVs3x24l2X3ZNTuRxK3m3uKjW0soRm84L4E%2Bs8jlZlIkj%2FY%2FGklSYEllzv%2BOxM2ERiXK%2FQLv0Uua","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}, {"displayPrice":"$12.29","priceAmount":12.29,"currencySymbol":"$","integerValue":"12","decimalSeparator":".","fractionalValue":"29","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"4mJHCxe0tmmhTocXyE51yts6nD3MwV4qh090unx9jXcQ7LhFdcLf2YLFAm%2FpKdwPLRnrcLXFHHleZbOVT2sRHqS5DTOXbjD2yHHCHcjBfn%2BxyDbMw6DpbcKXWtq2qc7XX0INmnpBnZoBGFJO4K0V%2B1EIwuODTsdl%2B0uD4fcuDDZseW518RniJXphxb3qwFhO","locale":"en-US","buyingOptionType":"USED","aapiBuyingOptionIndex":1}]}

Purchase options and add-ons

The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.

ISBN-10

0470068523
ISBN-13

978-0470068526
Edition

2nd
Publisher

Wiley
Publication date

April 14, 2008
Language

English
Dimensions

7.8 x 2.6 x 9.5 inches
Print length

1088 pages
See all details

Ross Anderson
175
Hardcover
24 offers from $43.64
Niels Ferguson
188
Paperback
48 offers from $5.22

Editorial Reviews

From the Back Cover

"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book."
― Bruce Schneier

"This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work."
― Gary McGraw

This book created the discipline of security engineering

The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy ― and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.

Here's straight talk about

Technical engineering basics ― cryptography, protocols, access controls, and distributed systems
Types of attack ― phishing, Web exploits, card fraud, hardware hacks, and electronic warfare
Specialized protection mechanisms ― what biometrics, seals, smartcards, alarms, and DRM do, and how they fail
Security economics ― why companies build insecure systems, why it's tough to manage security projects, and how to cope
Security psychology ― the privacy dilemma, what makes security too hard to use, and why deception will keep increasing
Policy ― why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it

About the Author

Ross Anderson is Professor of Security Engineering at Cambridge University and a pioneer of security economics. Widely recognized as one of the world's foremost authorities on security, he has published many studies of how real security systems fail and made trailblazing contributions to numerous technologies from peer-to-peer systems and API analysis through hardware security.

Product details

Publisher ‏ : ‎ Wiley; 2nd edition (April 14, 2008)
Language ‏ : ‎ English
Hardcover ‏ : ‎ 1088 pages
ISBN-10 ‏ : ‎ 0470068523
ISBN-13 ‏ : ‎ 978-0470068526
Item Weight ‏ : ‎ 4.23 pounds
Dimensions ‏ : ‎ 7.8 x 2.6 x 9.5 inches

Customer Reviews:
4.4 126 ratings

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Videos

Help others learn more about this product by uploading a video!

Upload your video

Important information

To report an issue with this product, click here.

About the author

Follow authors to get new release updates, plus improved recommendations.

Ross Anderson

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Discover more of the author’s books, see similar authors, read author blogs and more

Customer reviews

4.4 out of 5

126 global ratings

5 star
4 star
3 star
2 star
1 star

How customer reviews and ratings work

Sort reviews by

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Matthew F.

Excellent Study Reference for CISSP-ISSAP

Reviewed in the United States on May 11, 2017

Verified Purchase

I’m currently endeavoring on a journey to attain the CISSP-ISSAP (architecture level) security certification.

While studying for the CISSP exam I was forced to familiarize myself in many areas of security I had previously skirted – thus it was grueling work. Few of the CISSP level exam questions require in-depth knowledge; overall the CISSP requires an eye-in-the-sky view of the entire security field, and how different concepts fit together. At the level of the CISSP there are many good resources and it only took me two weeks of study to prep for a passing score.

Studying for the CISSP-ISSAP has been more challenging. Not only is the training availability extremely limited, there are few good study resources for the exam. I understand the ISSAP concentration requires detailed knowledge of the inner workings of many technical systems (and not just those normally administered by security professionals). To pass this exam you not only need to retain that knowledge, but know how it all works in minute detail.

A long foreword, but the point being stumbling across this book has been a lucky break. Ross dives into security engineering at the street level and comes up for air only to relate real world cases of security failure and how they can be avoided. Not only does he get down to the detail level required on much of the CISSP-ISSAP curriculum, his book is heavily weighted in the technical control fields that are core to the ISSAP exam.

If you’re tasked with engineering security controls in any information system or joining me in studying for the ISSAP concentration I highly recommend this read.

This book was published in 2010 making it currently 7 years old. This means there are some glaring exemptions from his review of historical security failures and a bit of weakness in mobile, social and cloud. It should be noted that. Despite being 10 years out of date many of his observations seem eerily prescient given what has occurred during the intervening interval and although lacking in examples pertaining to Social Mobile Analytics and Cloud – he accurately predicted the systemic issues encountered in these areas proving good fundamental coverage still useful in 2017.

Trailing note. This is 1080 pages - if you're expecting a casual read look elsewhere, while Ross does an excellent job of keeping this digestible be prepared for some focused attention on every passage.

Ross A++

17 people found this helpful

Helpful

Works At Home

Great introduction to the wide world of security

Reviewed in the United States on March 9, 2017

Verified Purchase

I love this book. I'm not a security professional, just reading it for fun. It's great reading for fun.

I especially like all the examples. If you already work in the space, you already know WHY any of this is important. If you don't, then leaving those stories out really makes the subject matter dry and irrelevant. Including it really hits home as to why security is so important to all of us, and it makes the solutions much more intriguing.

The author explains things in layman's terms, so although this is a very broad and complex topic, it's very accessible through this book. I also love the author's approach of introducing you to *all* the relevant concerns of security, and then giving you references if you want to learn more (including problems that haven't been solved yet).

One thing I found interesting was that having the advantage of living 10 years beyond the end of the book, it becomes clear that many of the current hot topics in security have been predicted by security experts for years. For example, Google just found the first SHA-1 collision, and in the book, Ross reported that an algorithm has been developed to find a collision in 2^69 steps, but it was predicted that it should be possible in 2^60 steps. 10 years later, as I'm reading the book, Google reports they did it with 2^63 computations.

If you're a professional, you probably already know all the important stuff from this book. So depending on what you're looking for, it might not be the book for you. If security is this mysterious, complex thing that feels like it's beyond your reach, you'll love this book. It's not like "heads first" security where it just flies by. You may find yourself slogging through the thousand or so pages over a series of eye-straining months. Your husband might get used to seeing you making pained faces around the house while looking at the ceiling as you try to understand something. But it's still fun. Oh also sometimes the author is unexpectedly sarcastic, and that's really fun, too.

8 people found this helpful

Helpful

Vvh

Really good

Reviewed in the United States on August 10, 2021

Verified Purchase

Helicopter view and detailed

Helpful

jcelis

a little old but many of the concepts are still ...

Reviewed in the United States on March 31, 2015

Verified Purchase

a little old but many of the concepts are still relevant and it is incredibly eye opening. I learned much more about current and historical security problems from this book than I did from books less than a year old.

2 people found this helpful

Helpful

Robert W. Johnson

Four Stars

Reviewed in the United States on February 4, 2018

Verified Purchase

Excellent treatment of a difficult subject. A bit too complex in a few places

Helpful

Derigible

It is a good reference book

Reviewed in the United States on January 3, 2015

Verified Purchase

A very lengthy and dense book. It is a good reference book, but a horrible choice to have budding professionals read to learn the basics. But there seems to be no dearth of information in here.

2 people found this helpful

Helpful

Ben

Textbook Purchase Review

Reviewed in the United States on May 15, 2012

Verified Purchase

I have just started a course in Security Engineering with the recommended Security Engineering Textbook which I am reviewing. I found the text simple to understand, full of examples that illustrate concepts and I think I enjoy using it.

3 people found this helpful

Helpful

Majid A.

... book is too stretched to many subjects to be useful in a specific subject

Reviewed in the United States on September 25, 2014

Verified Purchase

The book is too stretched to many subjects to be useful in a specific subject. It can work as a reference only.

The title is misleading also. The book is concerned with IT security, not security in general.

One person found this helpful

Helpful

Top reviews from other countries

Translate all reviews to English

Christopher Parsons

A Must Read

Reviewed in Canada on September 24, 2011

Verified Purchase

Anderson has successfully synthesized an incredibly diverse set of literature and, as a result, the book is useful for any person who is involved in security. The first section of the book outlines different threat models, offers accessible ways to develop and implement security designs, and also addresses issues of economics, psychology, and basic security issues that must be considered from the outset of security planning. Because different threat situations are raised throughout the book the reader will learn to appreciate the value of adopting comprehensive threat planning. This approach is not meant to drive a 'secure everything' mentality but to encourage readers to reflect on, and understand, what is actually being protected, why it is being protected, and what it is being protected from. As a result, a manager or team lead not invested in the day-to-day securing of a principle can have intelligent and critical discussions with their security staff, ensuring that principles are properly identified and resources assigned to ensure desired levels of threat protection. For staff involved in implementing policy, reading this first section may help to couch concerns in a language that is better understood by management. It will also let those same staff members more precisely plan and implement policies that are handed down from higher levels in an organizational framework.

In the second section of the book, Anderson addresses a series of 'topic areas' such as multilateral security, banking and bookkeeping, monitoring and metering, security printing and seals, API attacks, copyright, telecom security, and more. In each section he leaves the reader with an excellent topical understanding of the historical issues these areas have encountered, how issues in various sections often relate to one another, and where and why errors in judgement have been made. The regular demonstrations of security failures - often due to side channel attacks - operate as powerful reminders that adequate policies that precisely identify how fault situations unfold are (arguably) amongst the most important elements of any security policy. It also demonstrates how what appear to be robust systems can be made to be quite brittle, thus emphasizing the need to think about how to develop effective defence in depth policies. This section is essential reading for both the actual implementers of security as well as whomever is making purchasing decisions on behalf of organizations. With the rapid growth of the 'security industry' and ever-increasing number of vendors that are invested in selling their latest products/snake oil, this section provides the reader with tools needed to critically interrogate products and make better purchasing and implementation decisions.

The final section is, arguably, most needed by mid- to high-level organizational planners. Civil issues are raised - how does security/surveillance impact individuals' rights? - as are step-by-step methodological systems for establishing threat patterns in relation to larger organizational concerns (e.g. profitability, consumer loyalty and trust). It also includes suggested practices for addressing potential security errors introduced in the generation of a digital or coded product, and how to establish an environment conducive to ensuring product- and process-based integrity, authenticity, and security. The final section is particularly needed for anyone looking into compliance seals and assurances. Anderson outlines the positive and deficient aspects of external audits, and also identifies how auditing systems have been gamed by nation-state actors and the reasons behind such gaming. While some organizations may be more concerned about receiving seals for bureaucratic purposes, for the agency that is concerned about the actual security value of the seals, this section provides much-needed resources to understand the nature of seal and certification systems.

I cannot recommend this book highly enough. Quite often, security books will emphasize a particular line of attack and bypass the broader conceptual systems underlying the incursion. This book largely takes the opposite track, focusing first on the conceptual deficiencies and the intellectual demands of designing secure systems. It then proceeds to outline attacks that often use the systems' logic to the attackers advantage. As a result, the reader will leave with a critical appreciation of the concepts and implementations of security. The emphasis on the conceptual conditions of security mean that the book will continue to age well, with readers being able to apply what is learned in this book to their work for years to come.

Karim Sultan

Dated book in dire need of a 3rd edition update

Reviewed in Canada on September 27, 2016

Verified Purchase

People love this book. There's no doubt about it, it is a good book and an important work in the field. But I can't drink the 5-star kool-aid, and let me explain why in the hopes it might temper your expectations. First of all,it's dated. 2008 is the publication year, and since it is a 2nd edition, it also still contains a lot of content from previous years, all of which is losing relevancy. 10 years is a long time for change in any field, but in security? It's like a century. You will read entire chapters that seem more like a historical perspective than applicable policy. Many standards have been achieved and realm-relevant decisions made that aren't addressed (although perhaps hinted at).

Ross Anderson writes in an approachable manner that is casual and informative although at times he suddenly becomes pedantic. It's completely due to the scope of the material, which is incredibly broad (perhaps that's a necessary demon) and the realization that some it was written at different times with some topics being the author's passion and others being mandated. He does offers excellent insights into banking system security and command and control security - both topics that are usually kept secretive and sparse. You'll also get phenomenal viewpoints into the many ways attackers approach different systems.

The book is still worth purchasing if you want insight into the field of security. It should be praised for its scope, but not its depth (sometimes, it is superficial while at other times it is overly-detailed). It requires an update to a 3rd edition, followed by more frequent updates to match the frantic pace of this field. Until then, you will need to supplement it with a more recent, if not as detailed, text.

2 people found this helpful

Peter

A book for novices? Definitely

Reviewed in the United Kingdom on December 6, 2014

Verified Purchase

I recently decided to learn more about "security". I suppose that like many novices I equated security with cryptography and went searching on the web. I was lucky to find Anderson's web-site and read a few chapters, "Cryptography" and "Protocols". Then I wondered about the rest of the book and read a bit more.

It was an eye opener, I bought the book and I haven't regretted it. The scope covered all the application areas in which I was interested, and added new ones.

It is well written to the extent that I found myself reading it for entertainment. Nevertheless it is also a solid academic book with plenty of references to other materials. It is also telling that this book is referenced by every other book on security and cryptography that I have since read.

One person found this helpful

David Arrojo

nice

Reviewed in the United Kingdom on April 10, 2020

Verified Purchase

ok

Mario Guerra

Completamente necesario

Reviewed in Spain on June 23, 2013

Verified Purchase

Pese a ser esta segunda edición de 2008 y estar disponible públicamente su versión en PDF, el libro merece la pena tenerlo en papel. Abarca todos los campos posibles en ciberseguridad desde un punto de vista académico. No es un libro enfocado a aquellos que buscan perfeccionar sus habilidades en ataque/defensa, pero sin este tipo de lecturas (el libro es el soporte de tres asignaturas en la Cambridge University), no se adquiere una perspectiva global de todos los aspectos que deben ser tenidos en cuenta a la hora de planificar la defensa o el ataque a un sistema de comunicaciones.

One person found this helpful

Translate review to English

See more reviews

Amazon Prime includes:

Buy new: $33.64$33.64 FREE delivery: Friday, Sep 1 Payment Secure transaction Ships from Amazon Sold by ALTUNDAS02 Returns Eligible for Return, Refund or Replacement within 30 days of receipt

Buy used: $12.29

Other Sellers on Amazon

Follow the Author

Security Engineering: A Guide to Building Dependable Distributed Systems 2nd Edition

There is a newer edition of this item:

Purchase options and add-ons

Customers who viewed this item also viewed

Editorial Reviews

From the Back Cover

About the Author

Product details

Videos

Important information

About the author

Ross Anderson

Customer reviews

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Top reviews from other countries

Buy new:

$33.64

FREE delivery: Friday, Sep 1

Payment

Secure transaction

Ships from

Amazon

Sold by

ALTUNDAS02

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

Buy used:

$12.29