Those in the New York City area know the tagline from radio station 1010 WINS: “you give us 22 minutes, we'll give you the world”. It’s no exaggeration to claim that one could create a significantly sized cloud-based IT infrastructure in AWS in 22 minutes. It’s also no exaggeration to claim that such an infrastructure would be seriously lacking in security and privacy controls.
In Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time (McGraw-Hill, ISBN 978-1260118179), author O. Sami Saydjari has written a fantastic guide on how to design highly secure systems.
The first guide to really detail how to do that was Ross Anderson’s classic reference Security Engineering: A Guide to Building Dependable Distributed Systems. Since that book was written in 2001, a lot has changed, and this book fills in many of those gaps. Somewhat surprisingly, Saydjari doesn’t reference Anderson’s book.
The book is quite valuable for a wide range of readers, from those looking to get a detailed understanding of information security to those looking to use it as a college text for a multi-semester course.
An interesting observation Saydjari makes at the beginning is that those designing secure systems must approach cybersecurity design as an immune system, not as a single white blood cell. Too many security administrators think a border firewall and a DMZ are enough to secure their infrastructure. Anyone using such an approach will be sorely disappointed, as such an infrastructure will likely be breached in a matter of hours.
Saydjari packs a huge amount of material into this nearly 500-page work. The 25 chapters are written in a procedural manner, walk the reader through the core areas of information security, and cover all of the fundamentals. He also makes able use of charts and diagrams to provide a detailed understanding of the topic at hand.
The message the book conveys is that information security requires a rigorous and disciplined approach via formal engineering methods. Getting that large IT infrastructure up and running in AWS is the easy part. Ensuring it is engineered securely, and stays secure, is an entirely different matter, and that is the approach the book takes. It takes an orderly, holistic approach to the topic and guides the reader through the various layers of information security which need to be built into systems.
What one gets from reading this book is the breadth of details that encompass a secure system. For too many people, it’s about firewalls, Active Directory GPO or AWS Security Policies. Since attackers take a very broad approach, creating a defensible network must take a similarly broad approach. Saydjari details the importance of not just security in depth, but also security in breadth.
The book emphasizes that the trustworthiness of a system is an essential aspect that must be designed into systems from the very beginning. The lack of such an approach is what has led to many systematic security failures and huge data breaches. This formal trustworthy approach has always been important, but it is a most significant issue now that IT systems are a central part of the national critical infrastructure. This is in addition to the billions of IoT devices being deployed, far too many of which have security built in (if at all) as an afterthought.
Another theme of the book is risk quantification. An effective CISO has to have both the communication skills and the data to explain the risks to the board. The best guide to doing that is Measuring and Managing Information Risk: A FAIR Approach by Dr. Jack Freund and Jack Jones. While Saydjari doesn’t quote from that book, he does provide methods on how one can communicate those ideas to senior management. The ability to do that is a surefire way for information security to gain the confidence of the corporate board.
For those looking to understand both the importance of designing information security into systems and a detailed method for doing so, Engineering Trustworthy Systems will be a most welcome and invaluable reference.