Security Engineering: A Guide to Building Dependable Distributed Systems 2nd Edition
"At over a thousand pages, this is a comprehensive volume." Engineering & Technology Saturday 7 June 2008
From the Back Cover
"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book."
— Bruce Schneier
"This is the best book on computer security. Buy it, but moreimportantly, read it and apply it in your work."
— Gary McGraw
This book created the discipline of security engineering
The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy — and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice.
Here's straight talk about
- Technical engineering basics — cryptography, protocols, access controls, and distributed systems
- Types of attack — phishing, Web exploits, card fraud, hardware hacks, and electronic warfare
- Specialized protection mechanisms — what biometrics, seals, smartcards, alarms, and DRM do, and how they fail
- Security economics — why companies build insecure systems, why it's tough to manage security projects, and how to cope
- Security psychology — the privacy dilemma, what makes security too hard to use, and why deception will keep increasing
- Policy — why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it
Top customer reviews
I especially like all the examples. If you already work in the space, you already know WHY any of this is important. If you don't, then leaving those stories out really makes the subject matter dry and irrelevant. Including it really hits home as to why security is so important to all of us, and it makes the solutions much more intriguing.
The author explains things in layman's terms, so although this is a very broad and complex topic, it's very accessible through this book. I also love the author's approach of introducing you to *all* the relevant concerns of security, and then giving you references if you want to learn more (including problems that haven't been solved yet).
One thing I found interesting was that having the advantage of living 10 years beyond the end of the book, it becomes clear that many of the current hot topics in security have been predicted by security experts for years. For example, Google just found the first SHA-1 collision, and in the book, Ross reported that an algorithm has been developed to find a collision in 2^69 steps, but it was predicted that it should be possible in 2^60 steps. 10 years later, as I'm reading the book, Google reports they did it with 2^63 computations.
If you're a professional, you probably already know all the important stuff from this book. So depending on what you're looking for, it might not be the book for you. If security is this mysterious, complex thing that feels like it's beyond your reach, you'll love this book. It's not like "Head First" security where it just flies by. You may find yourself slogging through the thousand or so pages over a series of eye-straining months. Your husband might get used to seeing you making pained faces around the house while looking at the ceiling as you try to understand something. But it's still fun. Oh, also, sometimes the author is unexpectedly sarcastic, and that's really fun, too.
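The review above contrasts the generic cost of finding a hash collision with the cheaper attacks that were predicted for SHA-1 and later demonstrated. The following is an added illustration (not code from the page, the book, or the reviewer) of what "generic" means: a birthday search on a truncated SHA-1 finds a collision in roughly 1.25 * 2^(bits/2) evaluations, regardless of the function's internals. The message format (a seed plus a counter) and the choice of 32 output bits are assumptions made so the search finishes in well under a second; for the full 160-bit output the same generic search would need about 2^80 steps, which is why a 2^63 attack is significant.

```python
import hashlib
import math


def truncated_sha1(data: bytes, bits: int) -> int:
    """SHA-1 of `data`, keeping only the leading `bits` bits as an integer."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def expected_birthday_steps(bits: int) -> float:
    """Expected number of evaluations before a birthday collision on a
    `bits`-bit output: sqrt(pi/2 * 2^bits), about 1.25 * 2^(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def birthday_collision(bits: int, seed: int = 0):
    """Generic birthday search for a collision on SHA-1 truncated to `bits`.

    Messages are a 4-byte seed followed by an 8-byte counter (assumed
    format, chosen so runs are deterministic). Returns (msg_a, msg_b, steps).
    Memory is O(steps); a rho-style search would use constant memory at the
    same expected cost.
    """
    seen = {}
    counter = 0
    while True:
        msg = seed.to_bytes(4, "big") + counter.to_bytes(8, "big")
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def verify_truncated_collision(msg_a: bytes, msg_b: bytes, bits: int) -> bool:
    """True iff the two messages differ, collide on the truncated output,
    and (as expected for a truncation collision) still have different
    full 160-bit SHA-1 digests."""
    if msg_a == msg_b:
        return False
    if truncated_sha1(msg_a, bits) != truncated_sha1(msg_b, bits):
        return False
    return hashlib.sha1(msg_a).digest() != hashlib.sha1(msg_b).digest()


if __name__ == "__main__":
    bits = 32
    a, b, steps = birthday_collision(bits)
    print(f"{bits}-bit collision after {steps} evaluations "
          f"(expected about {expected_birthday_steps(bits):.0f})")
    print("valid:", verify_truncated_collision(a, b, bits))
    # For the full output the generic bound is about 2^80 evaluations;
    # the review quotes 2^69, 2^60 and 2^63 for the SHA-1-specific attacks.
    print(f"generic bound for 160 bits: 2^{math.log2(expected_birthday_steps(160)):.1f}")
```

Run it and the step count lands near the 2^(bits/2) estimate; raising `bits` by two roughly doubles the work, which is the scaling the review's numbers are measured against.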
While studying for the CISSP exam I was forced to familiarize myself with many areas of security I had previously skirted – thus it was grueling work. Few of the CISSP level exam questions require in-depth knowledge; overall the CISSP requires an eye-in-the-sky view of the entire security field, and how different concepts fit together. At the level of the CISSP there are many good resources and it only took me two weeks of study to prep for a passing score.
Studying for the CISSP-ISSAP has been more challenging. Not only is the training availability extremely limited, there are few good study resources for the exam. I understand the ISSAP concentration requires detailed knowledge of the inner workings of many technical systems (and not just those normally administered by security professionals). To pass this exam you not only need to retain that knowledge, but know how it all works in minute detail.
A long foreword, but the point being stumbling across this book has been a lucky break. Ross dives into security engineering at the street level and comes up for air only to relate real world cases of security failure and how they can be avoided. Not only does he get down to the detail level required on much of the CISSP-ISSAP curriculum, his book is heavily weighted in the technical control fields that are core to the ISSAP exam.
If you’re tasked with engineering security controls in any information system or joining me in studying for the ISSAP concentration I highly recommend this read.
This book was published in 2010, making it currently 7 years old. This means there are some glaring omissions from his review of historical security failures and a bit of weakness in mobile, social and cloud. It should be noted that, despite being 10 years out of date, many of his observations seem eerily prescient given what has occurred during the intervening interval, and although lacking in examples pertaining to Social Mobile Analytics and Cloud, he accurately predicted the systemic issues encountered in these areas, proving good fundamental coverage is still useful in 2017.
Trailing note: this is 1080 pages. If you're expecting a casual read, look elsewhere; while Ross does an excellent job of keeping this digestible, be prepared for some focused attention on every passage.