Computing Reviews
Foundations of information security: a straightforward introduction
Andress J., No Starch Press, San Francisco, CA, 2019. 248 pp.  Type: Book (978-1-718500-04-4)
Date Reviewed: Feb 2 2021

As the subtitle suggests, this book is a gentle introduction to the subject of information security. It doesn’t assume any special background from the reader other than an understanding of the basic concepts of information technology (IT), which most end users possess nowadays.

The book aims to acquaint beginners, whether cybersecurity students or security compliance officers, with the common terms and areas of concern in cybersecurity, starting with definitions of vulnerability and data integrity, and touching on subjects like system access (authorization and authentication), threat categorization and security applications for operating systems and networks, cryptography, compliance, and the Internet of Things (IoT).

The level of discussion may also be useful to application programmers: already working on the practical aspects of enterprise cybersecurity, they may want to design their applications using the standard terminology and strategies in the area.

In particular, the chapter on cryptography provides a well-organized, concise description of its foundational strategies, like asymmetric cryptography and hash functions. What is discussed here is obviously not enough to implement or even understand encrypting/decrypting algorithms at a technical level, but it equips the reader with a solid understanding of the practical applications of cryptography, for example, digital signatures and certificates. This lays the foundation for blockchain or cryptocurrencies, even though they are not discussed in detail.

The compliance aspects of blockchain and cryptocurrencies are briefly mentioned, but readers will have to look elsewhere for the cybersecurity implications of these pervasive technologies.

Compliance is a key aspect of enterprise cybersecurity. It is also changing. This book describes the relevant laws and standards in both the US and the European Union (EU), like the Sarbanes-Oxley Act or the Federal Information Security Management Act (FISMA). Again, the book contains enough information to acquaint users with their requirements and importance.

In summary, this book is a well-organized, broad introduction to the concepts, technologies, and issues relevant to enterprise cybersecurity.


Reviewer:  Rosario Uceda-Sosa Review #: CR147175 (2106-0133)
Cryptographic Controls (D.4.6 ... )
Security and Protection (K.6.5 )