Computing Reviews

Security engineering (2nd ed.): a guide to building dependable distributed systems
Anderson R., Wiley Publishing, 2008. 1080 pp. Type: Book
Date Reviewed: 02/06/09

Few books on the broad subject of security engineering have achieved the seminal status of this one, first published in 2001 [1]. The first edition is available for free online (http://www.cl.cam.ac.uk/~rja14/book.html). The second edition adds over 400 pages to the already bulging 612-page first edition.

The book is divided into three parts. The first part, spanning seven chapters, deals with basic concepts of security engineering. The discussion covers the workings of security protocols, the people angle to security solutions, thoughts on password use, access control from a systems viewpoint, and cryptography. The last two chapters concentrate on problems of distributed systems, namely concurrency, failure resistance, and naming, as well as on the economics of system security.

Part 2, the largest of the three, covers a wide range of security topics by examining various applications of secure systems. Multilevel security systems are considered in chapter 8, while compartmentalized systems as a means of dealing with sensitive information are discussed in chapter 9. Banking and fraud control systems are presented in the next chapter, and chapter 11 presents a limited discussion on physical security. Chapter 12 reviews monitoring systems, and chapter 13 considers the tradeoff between availability and confidentiality. Security printing and seals-based technology are discussed in the next chapter, followed by biometrics in chapter 15.

Chapter 16 deals with tamper resistance in cryptographic hardware, including smartcards. Chapter 17 is on emission security, chapter 18 is on security issues associated with the use of application programming interfaces (APIs), chapter 19 is on electronic warfare, and chapter 20 is on telecommunication systems security. Chapter 21 looks at network security, specifically attacks and defenses. Chapter 22 looks at the controversial recent technologies associated with digital rights management (DRM) systems. The last chapter in this part looks at a potpourri of applications associated with social networks, gaming, and elections.

Part 3 deals with more abstract issues associated with policies and politics (chapter 24), management issues (chapter 25), and system evaluation and assurance (chapter 26). The last chapter provides a conclusion, summarizing the state of secure systems and discussing the need for further research and engineering work to make them more secure.

Anderson has expanded on his already comprehensive first edition, and has come up with a formidable, exhaustive, and updated look at the state of security engineering. In the process, he has produced a book that is a must-read for anyone interested in the wide area of system security.


1) Anderson, R.J. Security engineering: a guide to building dependable distributed systems. Wiley, New York, NY, 2001.

Reviewer: Srijith Nair
Review #: CR136495 (0912-1156)
