Computing Reviews

Foundations of information security: a straightforward introduction
Andress J., No Starch Press, San Francisco, CA, 2019. 248 pp. Type: Book
Date Reviewed: 02/02/21

As the subtitle suggests, this book is a gentle introduction to the subject of information security. It doesn’t assume any special background from the reader other than an understanding of the basic concepts of information technology (IT), which most end users possess nowadays.

The book aims to acquaint beginners, whether cybersecurity students or security compliance officers, with the common terms and areas of concern in cybersecurity, starting with definitions of vulnerability and data integrity, and touching on subjects like system access (authorization and authentication), threat categorization and security applications for operating systems and networks, cryptography, compliance, and the Internet of Things (IoT).

The level of discussion may also be useful to application programmers: already working on the practical aspects of enterprise cybersecurity, they may want to design their applications using the standard terminology and strategies in the area.

In particular, the chapter on cryptography provides a well-organized, concise description of its foundational strategies, like asymmetric cryptography and hash functions. What is discussed here is obviously not enough to implement or even understand encrypting/decrypting algorithms at a technical level, but it equips the reader with a solid understanding of the practical applications of cryptography, for example, digital signatures and certificates. This lays the foundation for blockchain or cryptocurrencies, even though they are not discussed in detail.

The compliance aspects of blockchain and cryptocurrencies are briefly mentioned, but readers will have to look elsewhere for the cybersecurity implications of these pervasive technologies.

Compliance is a key aspect of enterprise cybersecurity. It is also changing. This book describes the relevant laws and standards in both the US and the European Union (EU), like the Sarbanes-Oxley Act or the Federal Information Security Management Act (FISMA). Again, the book contains enough information to acquaint users with their requirements and importance.

In summary, this book is a well-organized, broad introduction to the concepts, technologies, and issues relevant to enterprise cybersecurity.

Reviewer: Rosario Uceda-Sosa
Review #: CR147175 (2106-0133)
