Security Engineering: A Guide to Building Dependable Distributed Systems

List Price: $80.00
Our Price: $57.73
You Save: $22.27 (28%)
Description:

The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.

Product Details:
Author: Ross J. Anderson
Hardcover: 1080 pages
Publisher: Wiley
Publication Date: April 14, 2008
Language: English
ISBN: 0470068523
Product Length: 9.27 inches
Product Width: 7.64 inches
Product Height: 2.5 inches
Product Weight: 3.83 pounds
Package Length: 9.4 inches
Package Width: 7.7 inches
Package Height: 2.6 inches
Package Weight: 3.8 pounds
Average Customer Rating: based on 12 reviews
Customer Reviews:
Average Customer Review: 4.5 ( 12 customer reviews )


Most Helpful Customer Reviews

5 of 5 found the following review helpful:

5 stars: A profoundly influential work written by a world-class security expert (Nov 17, 2008)
By Jacob Gajek
For the typical busy security professional, reading a 900-page tome cover to cover represents an investment of time that may be difficult to justify. Frankly, security books that are worth the effort are few and far between. Security Engineering is one such book, for several reasons.

First, Ross Anderson's vast knowledge, experience and insight on the subject are well known, and his reputation as one of the top security experts in the world is well deserved. No doubt a reflection of this, his book covers a very broad range of security topics, the discussions ranging from high-level policy issues, all the way down to details of smartcard hacking and the mathematics of cryptography. The topics are well researched and described at a level of detail useful to the non-specialist. Concise summaries and occasional nuggets of insight indicate an in-depth understanding of the subject matter. The book is well written, easy to follow, and devoid of the vagueness and platitudes so typical of much of the security literature.

Second, the book exposes the sheer difficulty of engineering secure systems in the face of the many forces at play in a typical product development lifecycle. Through many case studies of success and failure, the author illustrates the numerous pitfalls that may befall even a well-intentioned design. Lessons learned from deploying products in the real world include the negative impact of perverse economic incentives, the importance of designing security features for maximum usability, and the need to look at a security problem from many different angles in a holistic manner. The book is a treasure trove of wisdom for the aspiring security engineer.

Lastly, the book brings together insight from many diverse areas of research. Disciplines ranging from economics, psychology, sociology, criminology, banking and bookkeeping, safety research, electronic warfare, to politics are all mined for ideas and results that could yield a better understanding of - and novel approaches to - difficult security problems. It is perhaps in this aspect that the book will prove to be most influential. Since the first edition was published in 2001, security economics, security usability, and security psychology have emerged as fertile areas of research.

3 of 3 found the following review helpful:

3 stars: Four benefits for the ISSEP candidate (Mar 17, 2011)
By Kurt D. Danis "Navy CISSP"
Four beneficial take-aways from Ross Anderson's book, Security Engineering: A Guide to Building Dependable Distributed Systems:

1. After reading 600 pages of prose, there are four bullets on page 652 that epitomize the entire book. Here they are:

DEFENSE AGAINST NETWORK ATTACK - four sets of tools to defend against network attack:

(1) Management (i.e. CM)
(2) Filtering (i.e. Firewalls)
(3) Intrusion Detection (i.e. IDS devices)
(4) Encryption (i.e. VPN devices with encryption)

2. I discovered a little known standard that may have influenced the Risk Management Framework (RMF) methodology developed in the NIST SP 800-37. Read this excerpt (p. 838): "It is important for the Security Engineer to have some knowledge of internal controls. There is a shortage of books on this subject... the most influential is the Risk Management Framework from the Committee of Sponsoring Organizations (COSO), a group of U.S. accounting and auditing bodies […].... Its basic process is an evolutionary cycle: in a given environment, you assess the risks, design controls, monitor their performance, and then go around the loop again."

3. There's a small blurb on the Capability Maturity Model (p. 849). I think this little concept helps to understand all the CMM documents on the street. Here it is: "Some useful insights come from the Capability Maturity Model developed by the Carnegie-Mellon University. Although this is aimed at dependability and at delivering code on time rather than specifically at security, their research shows that capability is something that develops in groups; it's not just a purely individual thing."

Then another blurb on p.864-865:
"The Carnegie-Mellon research showed that newly formed teams tended to underestimate the amount of work in project, and also had a high variance in the amount of time they took; the teams that worked best together were much better able to predict how long they'd take, in terms of the mean development time, but reduced the variance as well."

4. Lastly, the author admits that he's a cynic, and a cynical attitude is probably the BEST way to look at the Common Criteria.

2 of 2 found the following review helpful:

5 stars: Excellent, readable, current (Jan 17, 2011)
By Greg
Certainly a top 5 in its space. Especially notable for its broad coverage and excellent references to other more detailed material. This is a very worthwhile update from the first edition (which is freely available from the author's web site as a PDF).

4 stars: Textbook Purchase Review (May 15, 2012)
By Ben
I have just started a course in Security Engineering with the recommended Security Engineering Textbook which I am reviewing. I found the text simple to understand, full of examples that illustrate concepts and I think I enjoy using it.

5 stars: Very good (May 04, 2012)
By Witek Radomski "freakmod"
I've had this book on my shelf for a while because the beginning of the book kept losing me, but after getting through the first couple of chapters it starts getting very interesting and I found it to be extremely mind opening. Loved all the various topics ranging from Cryptography to "Nuclear Command and Control" (yeah) to cheating in online video games. Examining these many different genres of security helps you think about security from more angles. An essential book.
