Computing Reviews
Computer security (3rd ed.)
Gollmann D., Wiley Publishing, Hoboken, NJ, 2011. 456 pp. Type: Book (978-0-470741-15-3)
Date Reviewed: Jun 11 2012

Computer security has become a popular topic of study in many computing programs. The students’ desire to learn about the most up-to-date security topics, as well as the increasing rate of change in information technology, means that computer security textbooks must be revised often. Gollmann provides such revisions in his third edition, published four years after the previous one. The text maintains a similar structure, focused primarily on concepts rather than concrete applications. At just over 400 pages, it is one of the most succinct mainstream security textbooks claiming comprehensive coverage [1,2]. Such succinctness is intentional, as the quotes on the back and the preface suggest. Gollmann’s book strikes a balance between the needed depth and the constraint on time available to cover the topics (one semester) by focusing on some fundamental aspects, and sacrificing others.

Yet aiming for brevity comes at a price. First, the design of the book renders reading strenuous, with most text printed in very small font. The graphics and formatting are very simple and often main concepts are not emphasized in a clear enough manner to draw attention to them. The textbook’s 20 chapters aim to provide reasonable coverage of the various security topics. They include traditional areas, such as encryption, user authentication, network and operating systems security, access control, database management, and Web and application security, as well as more specific topics like the Windows and Unix environments. Many chapters seem to be arbitrarily compressed. For example, encryption is covered in an extremely succinct manner in chapter 14, and most details are lacking. Moreover, the text here reads like a basic revision from previous editions. The data encryption standard (DES) is described in almost a page and is presented as being still in use in some sectors, while the advanced encryption standard (AES) that replaced DES more than a decade ago receives only passing coverage in four lines. Some topics that would often be found in security textbooks (such as physical security) are not included.

The author identifies the book as a textbook for wide audiences, from introductory to advanced course-takers, and also presents it as a reference for technical staff. Such ambitious goals are met only in part. It would not provide the expected richness of complementary materials often needed in a learning environment, and the questions at the ends of the chapters are very limited in both quantity and quality. There are no review questions, no significant additional reading materials, and no project suggestions. When treated as a reference for practitioners, the book lacks depth and often does not address current legal requirements. The update from the previous edition of various topics is often incremental and does not seem to reflect specific challenges of recent years, such as increased concerns over denial of service attacks, intrusion, privacy, and data aggregation.

Despite this, the volume is crisp and full of information. The many techniques that are now part of information security are presented in a seamless manner, and a reader, if able to get beyond the lack of detail or examples, could acquire a comprehensive knowledge base. Moreover, the textbook includes some topics that will certainly draw attention. The chapter on mobility deals with wireless security, Bluetooth, and Global System for Mobile Communications (GSM), among other topics, and is followed by a chapter focused on new access control paradigms (for Java and .NET security), which could constitute the basis for a course on security in mobile applications. However, even these topics are covered only briefly and require significant additional resources.

Reviewer: Stefan Robila
Review #: CR140252 (1210-1026)

1) Pfleeger, C.; Pfleeger, S. Analyzing computer security. Pearson Education, Upper Saddle River, NJ, 2012.
2) Stallings, W.; Brown, L. Computer security: principles and practice (2nd ed.). Pearson, Boston, MA, 2012.

Security and Protection (K.6.5)
Reference (A.2)
 