Computing Reviews
Foundations of information security: a straightforward introduction
Andress J., No Starch Press, San Francisco, CA, 2019. 248 pp. Type: Book (978-1-718500-04-4)
Date Reviewed: Feb 2 2021

As the subtitle suggests, this book is a gentle introduction to the subject of information security. It doesn’t assume any special background from the reader other than an understanding of the basic concepts of information technology (IT), which most end users possess nowadays.

The book aims to acquaint beginners, whether cybersecurity students or security compliance officers, with the common terms and areas of concern in cybersecurity, starting with definitions of vulnerability and data integrity, and touching on subjects like system access (authorization and authentication), threat categorization and security applications for operating systems and networks, cryptography, compliance, and the Internet of Things (IoT).

The level of discussion may also be useful to application programmers: already working on the practical aspects of enterprise cybersecurity, they may want to design their applications using the standard terminology and strategies in the area.

In particular, the chapter on cryptography provides a well-organized, concise description of its foundational strategies, like asymmetric cryptography and hash functions. What is discussed here is obviously not enough to implement or even understand encrypting/decrypting algorithms at a technical level, but it equips the reader with a solid understanding of the practical applications of cryptography, for example, digital signatures and certificates. This lays the foundation for blockchain or cryptocurrencies, even though they are not discussed in detail.

The compliance aspects of blockchain and cryptocurrencies are briefly mentioned, but readers will have to look elsewhere for the cybersecurity implications of these pervasive technologies.

Compliance is a key aspect of enterprise cybersecurity. It is also changing. This book describes the relevant laws and standards in both the US and the European Union (EU), like the Sarbanes-Oxley Act or the Federal Information Security Management Act (FISMA). Again, the book contains enough information to acquaint users with their requirements and importance.

In summary, this book is a well-organized, broad introduction to the concepts, technologies, and issues relevant to enterprise cybersecurity.


Reviewer:  Rosario Uceda-Sosa Review #: CR147175 (2106-0133)
Cryptographic Controls (D.4.6 ...)
Security and Protection (K.6.5)
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®