John DiMarco on Computing (and occasionally other things)
I welcome comments by email to jdd at cs.toronto.edu.

Fri 19 Jul 2019 16:13

Ross Anderson's Security Engineering
Security Engineering - Second Edition

Until recently, I had not read Ross Anderson's Security Engineering, despite hearing good things about it. I'm not sure why: I think I was put off a bit by the title. I had a vague and confused impression that a book about "Security Engineering" would be yet another how-to book about making computers secure. I should have known better. In this case, I was wrong, very much so, and much to my detriment. I should have read this book long ago.

Why had I not read it? I have no excuse. The book has been out for a while: it is in its second edition, which came out in 2008 (Anderson is writing a third edition, expected next year). So I certainly had the opportunity. Moreover, since 2012, the book has been free for the reading (and downloading) from his website. So I certainly had the means. I just didn't, until a few weeks ago, when I stumbled across it again. I read a little from the website, then a little more. Before long, I was well and thoroughly hooked.

Security Engineering is a classic, comprehensive book about information security: eminently readable, clear and thorough, it covers information security in pretty much every aspect one might encounter it, from the usual (cryptography, access controls, protocols, biometrics) to the not quite so day-to-day (nuclear weapons launch protocols, counterfeiting, even spying by analyzing the RF emissions from computers). Each chapter is a clear elucidation of a particular aspect of information security, focusing on the essential issues. Each chapter provides enough detail to understand the essential elements, yet not so much detail as to overwhelm the reader. His writing is a classic illustration of the difference between an expert and a master. An expert knows a great deal about a topic and provides an abundance of information. A master knows the key elements, those things that are most important, on which everything else hangs, and focuses exactly on these. This book is mastery, in clear, understandable and engaging language. It has become my favourite book in information security already, and I haven't yet finished it.

I look forward to the third edition sometime next year. I can't wait.
