Thoughts on Security Engineering, 2nd Ed

One of my favorite all-time security books is Security Engineering by Prof Ross Anderson, which I read and reviewed in 2002. Earlier this year Wiley published Security Engineering, 2nd Ed. The first edition was a 612 page soft cover; the second edition is a massive 1040 page hard cover.

To learn more about the new edition, I recommend visiting Ross' book page. This title should be included in every academic security program. Cambridge University uses each of the three parts of the tome in three separate computer security classes, as noted on the book page. If you're in a formal security program and you've never heard of this book, ask your professors why it's not included. If your professors have never heard of this book, ask yourself why you are studying in that program.

Three years ago I posted What the CISSP Should Be, offering NIST SP 800-27, Rev. A, Engineering Principles for Information Technology Security (A Baseline for Achieving Security) as the basis for the CISSP. The CISSP should use Prof Anderson's book as an historical application and practical expansion of the core ideas of 800-27.

Security Engineering would make a great text for a year-long, meet-every-other-week program, where participants read one chapter each week. (The book has 27 chapters, but the last is only a three-page conclusion that could be wrapped into week 26.) Those taking the time to read, discuss, and understand the material in this book would know far more about security than anyone wasting time in a series of CISSP CBK cram sessions.

If you read the first edition, I still recommend buying and reading the second edition. As you'll see on the book page, Wiley allowed Ross to post 6 chapters in .pdf format, along with the table of contents, preface, acknowledgements, bibliography, and index. The entire first edition is also still online if you want to start there.

Comments

Anonymous said…
It's a fine read. I try to read a few pages of the book every day and I am halfway through now.