The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends. The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses. Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting. New coverage also includes - Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
- Web application threats and vulnerabilities
- Networks of compromised systems: bots, botnets, and drones
- Rootkits--including the notorious Sony XCP
- Wi-Fi network security challenges, standards, and techniques
- New malicious code attacks, including false interfaces and keystroke loggers
- Improving code quality: software engineering, testing, and liability approaches
- Biometric authentication: capabilities and limitations
- Using the Advanced Encryption System (AES) more effectively
- Balancing dissemination with piracy control in music and other digital content
- Countering new cryptanalytic attacks against RSA, DES, and SHA
- Responding to the emergence of organized attacker groups pursuing profit
|
Average Customer Review:
 ( 32 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
12 of 12 found the following review helpful:
 Best textbook on the marketJan 06, 2003
By K. Tracy
This book is still the best textbook on the market. Having reviewed (officially) many of the new competitors to this book, this book is still the best at providing an excellent overview to computing security, especially for computer scientists. While I agree with another reviewer that "Hacking Exposed" is another good book, it is not a textbook and does not provide the theoretical underpinnings that this book does. The old edition (2nd) was getting dated and I was glad to see most of the material that needed updating was. In particular, the networking section was updated and sufficient for my course in computer security. Other books tend to provide a more short-term view of security, than a textbook with solid concepts. This series of editions has done a lot to create a science of security, rather than just a collection of techniques.
9 of 9 found the following review helpful:
An outstanding text and reference in the INFOSEC FieldMay 05, 2003
By J Holleran
In 1989, I read the first edition of "Security in Computing" which was one of the best books in the information security field. Fourteen years later, I find the 2003 third edition even better. This is my primary textbook in a graduate course I teach. I also recommend this text to commercial students who are in my CISSP Common Body of Knowledge seminars. What I like best about this book is the index and the bibliography. Personally, I use this text as a reference to remind myself of the concise descriptions of some difficult security issues or protocols. I also recommend this book for managers to develop insights for interviewing potential candidates. The book, just like the field, is very broad and can assist you in understanding the big picture view in information security. It can help you focus on requirements in the development of a secure computing environment and develop some metrics as you define your security architecture. Having spent several decades in the information security field, I find this to be an excellent book for the classroom as well as the reference shelf of information security practitioner and manager in an enterprise environment.J Holleran, CISSP
Retired Technical Director
National Computer Security Center
11 of 12 found the following review helpful:
An excellent text book and referenceMay 30, 2003
By Richard Steinberger
Security in Computing (Third Edition) can serve as an upper division undergraduate or graduate level text book. But if you're not a student, and more pragmatic than theoretical, don't let that scare you off. Each chapter is clearly written, well organized, contains a summary, list of terms used, and a brief "To Learn More" section. The book is very up to date: It includes reasonably detailed discussions on the inner workings of AES and even an introduction to quantum cryptography. All the "old standards" are covered as well, including firewalls, viruses and malware, CIA, database security, policy development, network security, trusted operating systems, security law, cryptography and more. All in all, this is the best general purpose computer security book available. It belongs on the bookshelf of every practicing professional. But you won't want to leave it there - take it down when you need to work in an unfamiliar area. It will help bring you up to speed and point you towards more specialized resources. Minor caution: This is not a book for security beginners, and it helps to have some background in computer architecture, networks, databases and/or administration. But if you've got that, you won't find a better book. And if you don't this book provides enough ground work for quick studies to understand new security material.
5 of 5 found the following review helpful:
 Good book for Security ProfessionalsJul 10, 2006
By JR
"ElMontro"
If you really are looking for theory to be able to have a better consulting experience or drive your company into deeper waters regarding security this is your book. For students starting on this I would not recommend it, you may fall asleep during your first couple of pages.
7 of 8 found the following review helpful:
Textbook, not an easy reading bookNov 01, 2006
By Stephen Northcutt
There are a number of approaches to how to teach security ranging from hack it till it breaks to building on sound theory. This book is the latter.
It is a textbook, a bit dry, but that goes with the territory when you know you need to read chapter two to pass the quiz, chapter two gets read. The authors have worked hard, the writing works to make things clear, there are lots of very professional illustrations.
This most reminds me of Matt Bishop's book, with its weight and pagecount, but this is more approachable. This book coupled with a good instructor can certainly help teach the theory, terminology and concepts of information security.
The best chapters are six, Database and Data Mining ten, Privacy in Computing and eleven, Legal and Ethical issues.
The weakest chapter is eight, where they breeze over risk analysis and security policy. I also found chapter three, Program Security made me keep thinking, come on, you are so close, put in the extra effort and take this over the top.
The most interesting thing from a book design is that cryptography is split into chapter two elementary cryptography and the last chapter (twelve) crytography explained instead of being taught back to back.
See all 32 customer reviews on Amazon.com
|
based on 32 reviews
