Cybersecurity and Applied Mathematics

Posted by Ben Rothke

Mathematics is an integral (no pun intended) part of information security and cryptography. The RSA cryptosystem is one of many examples—its foundation is based on mathematics. The core security of RSA is based on the practical difficulty of factoring the product of two very large prime numbers, known as the factoring problem. The security of elliptic curve cryptography (ECC) is based on the algebraic structure of elliptic curves over finite fields.

In Cybersecurity and Applied Mathematics (Syngress ISBN 978-0128044520), authors and mathematicians Leigh Metcalf and William Casey have written an interesting book that details many aspects of mathematics. The cover of the book states that the text explores the mathematical concepts necessary for effective cybersecurity research and practice, taking an applied approach for practitioners and students entering the field. The book covers methods of statistical exploratory data analysis and visualization as a type of model for driving decisions, and also discusses key topics such as graph theory, topological complexes, and persistent homology (a method for computing topological features of a space at different spatial resolutions).


The book covers all of those topics and more. But I think for most readers, it's hard to see how the mathematical topics in the book will make them a better information security professional. For example, I’d venture to say that less than 1 percent of those within information security have ever heard of, let alone will find a use for, persistent homology.

The book details applied mathematics, but does not really show how to consistently apply the topics throughout the information security lifecycle. For most information security professionals, the mathematics in the book will be of little value in their daily job tasks.

For large enterprises that have information security staff working on big data, the book will be a most interesting read. The authors do a good job there of showing a number of ways and methods that can be used for effective analysis of big data.

Those within information security who like math will find this an interesting read. But those studying for their CISSP, working towards PCI or SoX compliance and the like will find the book to be more theory than of practical value.


Ben Rothke

Senior Information Security Manager, Tapad
