5/01/2012

Computer Security: Art and Science Review

Computer Security: Art and Science
Average Reviews:

(More customer reviews)
Please understand that the Amazon star system, while very powerful has limits, I feel this book is 5 stars as a textbook for an undergrad computer security course, 4 stars for a graduate student and 3 stars for a book on the average information security worker's shelf.
Computer Security Art and Science has been years in the making and for good reason; it is over a thousand pages. The book seems best suited for four groups of readers. The first group is college students; this will probably be a popular choice as a textbook for undergraduate level students and with additional materials, graduate level students. It is a complete guide to computer security terminology and theory. Other groups of readers that would benefit from this book include security knowledgeable managers seeking to assess the knowledge of potential employees especially in policy and architecture positions. A third group includes anyone preparing for information security certifications. If you are wish to certify you will benefit from a close reading of this text before attempting your examination. Finally, anyone seeking to understand the big picture of information security would benefit from Computer Security Art and Science. However the book's value is primarily as a textbook!
Like most authors writing a security book, Matt has chosen to start at a basic level beginning with a discussion of confidentiality, integrity and availability. As a reviewer I was quietly wondering how long he would stay there. The answer proved to be one chapter only and at the back of the chapter one the author has included insightful, thought provoking study questions. If I were considering hiring someone who claimed to have experience in information security that could not answer these questions, I would show them the door.
Now to consider the rest of the book! On the first page of chapter two we are introduced to logical equations. This is where the casual reader is likely to get off the bus while the diligent student with a qualified instructor gets on. As soon as I saw the equations with no explanation of how to read them, I could see someone browsing in a bookstore shut the cover and move on. Be brave and press on is my advice; the book is well worth it even if some of the illustrations are beyond comprehension without a teacher's guide. It says in the preface this book was designed to be a college level textbook. They have to put a few inscrutable pages in the book so the professors can appear to be smarter than the students.
The cryptography section, chapters 9 - 11 are very approachable and while not as in depth as some other sections, they would help anyone preparing for the various industry security certifications including CompTIA's Security +, ISC2's CISSP and SANS' GSEC. In fact the entire book would be beneficial for any of these.
The table of contents says that part 6 of the book, assurance, chapters 18 - 21, were contributed by a different author, Elisabeth Sullivan. I read those chapters closely and could not detect a different tone or level of quality; the authors are to be congratulated for that. Nice use of humor on the heading title for 18.1.1, "The Need for Assurance" and where else can you read about "Extreme Programming".
No book is perfect, the intrusion detection and penetration testing discussions need to be beefed up, but chapter 29, Program Security more than makes up for them. That chapter should be required reading before anyone is allowed to touch a compiler.
I donate most of the books people send me to review to my local library, but this one stays on the shelf and I am setting an iCal reminder to re-read the policy and audit sections a couple months from now.

Click Here to see more reviews about: Computer Security: Art and Science



Buy NowGet 28% OFF

Click here for more information about Computer Security: Art and Science

No comments:

Post a Comment