The best information security book I ever read is….

Hands down, the best book I have read to date is Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson.  The second edition came out in 2008. 

If you are looking for 50 pages of screen prints on how to install and configure a printer under Windows, this is the wrong book for that. What Anderson does, in great detail and with lucidity, is lay out all of the aspects required to create a security infrastructure. He relentlessly reiterates that security must be engineered into information systems from the outset: when security is retrofitted into an application or system, it is never as effective.

Anderson defines security engineering as "building systems to remain dependable in the face of malice, error or mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves." 

The book covers every domain of computer security. As noted security guru Bruce Schneier writes in the book's foreword, "If you're even thinking of doing any security engineering, you need to read this book." Schneier's comment complements his own view that security is not a product but a process. Following that mantra, Anderson demonstrates in exhaustive detail how information security must be implemented in every aspect of an information system's infrastructure in order for the system to be dependable and secure.

Anderson lays the groundwork for building a secure and dependable system. Every aspect of information security is discussed in the book -- from passwords, access control, and attacks, to physical security and policy. Additionally, relevant and timely topics such as information warfare and privacy protection are covered. This is the only book I know of that covers the end-to-end spectrum of security design and engineering.

While many of the chapter topics may sound unexciting, Anderson has a wonderful writing style, and at times the book reads almost like a Tom Clancy thriller in its details of military command and control systems and similar topics. Anyone responsible for information security should read Security Engineering.

This document was retrieved from http://www.rsaconference.com/blogs/408/rothke/the-best-information-security-book-i-ever-read-is on Wed, 27 Aug 2014 23:05:57 -0400.
© 2014 EMC Corporation. All rights reserved.