Security Engineering: A Guide to
Building Dependable Distributed
Systems by Ross J. Anderson
Security Engineering - Ross Anderson
Gigantically comprehensive and carefully researched, Security
Engineering makes it clear just how difficult it is to protect information
systems from corruption, eavesdropping, unauthorized use, and general
malice. Better, Ross Anderson offers a lot of thoughts on how information
can be made more secure (though probably not absolutely secure, at least
not forever) with the help of both technologies and management strategies.
His work makes fascinating reading and will no doubt inspire considerable
doubt--fear is probably a better choice of words--in anyone with information
to gather, protect, or make decisions about. Be aware: This is absolutely
not a book solely about computers, with yet another explanation of Alice
and Bob and how they exchange public keys in order to exchange
messages in secret. Anderson explores, for example, the ingenious ways
in which European truck drivers defeat their vehicles speed-logging

equipment. In another section, he shows how the end of the cold war
brought on a decline in defenses against radio-frequency monitoring (radio
frequencies can be used to determine, at a distance, whats going on in
systems--bank teller machines, say), and how similar technology can be
used to reverse-engineer the calculations that go on inside smart cards. In
almost 600 pages of riveting detail, Anderson warns us not to be seduced
by the latest defensive technologies, never to underestimate human
ingenuity, and always use common sense in defending valuables. A terrific
read for security professionals and general readers alike. --David Wall
Topics covered: How some people go about protecting valuable things
(particularly, but not exclusively, information) and how other people go
about getting it anyway. Mostly, this takes the form of essays (about, for
example, how the U.S. Air Force keeps its nukes out of the wrong hands)
and stories (one of which tells of an art thief who defeated the latest
technology by hiding in a closet). Sections deal with technologies, policies,
psychology, and legal matters.
Personal Review: Security Engineering: A Guide to Building
Dependable Distributed Systems by Ross J. Anderson
For the typical busy security professional, reading a 900-page tome cover
to cover represents an investment of time that may be difficult to justify.
Frankly, security books that are worth the effort are few and far between.
Security Engineering is one such book, for several reasons.
First, Ross Anderson's vast knowledge, experience and insight on the
subject are well known, and his reputation as one of the top security
experts in the world is well deserved. No doubt a reflection of this, his
book covers a very broad range of security topics, the discussions ranging
from high-level policy issues, all the way down to details of smartcard
hacking and the mathematics of cryptography. The topics are well
researched and described at a level of detail useful to the non-specialist.
Concise summaries and occasional nuggets of insight indicate an in-depth
understanding of the subject matter. The book is well written, easy to
follow, and devoid of the vagueness and platitudes so typical of much of
the security literature.
Second, the book exposes the sheer difficulty of engineering secure
systems in the face of the many forces at play in a typical product
development lifecycle. Through many case studies of success and failure,
the author illustrates the numerous pitfalls that may befall even a well-
intentioned design. Lessons learned from deploying products in the real
world include the negative impact of perverse economic incentives, the
importance of designing security features for maximum usability, and the
need to look at a security problem from many different angles in a holistic
manner. The book is a treasure trove of wisdom for the aspiring security
engineer.
Lastly, the book brings together insight from many diverse areas of
research. Disciplines ranging from economics, psychology, sociology,

criminology, banking and bookkeeping, safety research, electronic warfare,
to politics are all mined for ideas and results that could yield a better
understanding of - and novel approaches to - difficult security problems. It
is perhaps in this aspect that the book will prove to be most influential.
Since the first edition was published in 2001, security economics, security
usability, and security psychology have emerged as fertile areas of
research.
For More 5 Star Customer Reviews and Lowest Price:
Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J.
Anderson 5 Star Customer Reviews and Lowest Price!