Cybersecurity is a critical grand challenge for the world at large today. The COVID-19 pandemic has hastened digitization across all global spheres, and people are spending more of their time online for a variety of needs, from shopping to healthcare. At the same time, we are also seeing a huge increase in cybercrime. Books dealing with various aspects of cyberspace security are therefore important. Cybersecurity in digital transformations is a relevant entry here.
The book’s stated focus is “digital transformation.” The first chapter attempts to capture what is meant by this; however, it could be greatly improved by maintaining focus. Diversions into environmental challenges and low carbon footprints do not add any value, and no effort is made to connect such topics with the theme of the book. The second chapter is on cybersecurity itself. A lot of aspects are touched on. However, the book fails to provide a coherent, organized picture of the domain. The connection to digital transformation is also not clear. A systematic introduction to the various types of security issues, with a brief discussion of each, would have been useful. Section 2.5 gets into a lot of mathematical formulations, which seem out of place in a book like this.
Chapter 3, “Threat Intelligence,” covers such topics as the different types of threats (from known knowns to unknown unknowns), threat intelligence modeling, digital forensics and threat intelligence platforms, threat attack profiles, and sharing and management platforms. The next chapter is on the important topic of intrusion detection and prevention; however, why this topic was chosen among the myriad topics in cybersecurity is not clear. Anomaly based, misuse-based, and specification-based intrusion detection are covered, and then there is some discussion of intrusion detection system and intrusion prevention system architectures.
Chapter 5 is on machine learning and deep learning--techniques with much potential in cybersecurity. Beginning with a half-hearted introduction to the field in a couple of pages, the book discusses machine learning applications in intrusion detection. Though machine learning is (crudely) defined as learning from data, deep learning is introduced as a separate topic. The treatment is very superficial.
Chapter 6, “Attack Models and Scenarios,” is another short chapter. Beyond its introduction to attack models, it touches on adversary behavior modeling and adversary cyberthreat simulation modeling. Chapter 7, “Cybersecurity Ontology,” discusses the notion of ontology and efforts to build an ontology for various aspects of cybersecurity, such as attack ontology, unified cybersecurity ontology, and so on. They can be very useful in various modeling and standardization aspects. The last chapter, “Cybersecurity Leadership,” spanning just three pages, concludes the book. It looks at the expectations of a leader and briefly discusses digital masters.
Topics like information security tend to be dry unless carefully handled. Though the book starts with digital transformations, there is not much reference to this theme throughout the rest of the text. There is no attempt to explain the book’s approach nor the selection of topics.
The book is mostly text divided into long paragraphs, making it hard to read. With respect to the content, there is a lot of wandering--I found the writing to be quite loose and unable to present a coherent and comprehensive picture of the field. Many topics are touched on here and there, but the author fails to build any depth or coherence. Sometimes the discussion covers the basics and sometimes it is too dense and formal. Topics should be introduced in a dependency-based (or similar) order to make the material easier to follow. Important terms should be introduced and defined before use. It is also good to have a target user in mind, for example, indicating if the book is meant for some action, just a casual understanding, or so on.
The book has a lot of typographical errors, too. Overall, its readability score is low.