06 April 2020

Security Engineering by Ross Anderson

Security Engineering by Ross Anderson is likely the best security book I've read so far.

Whereas other books explain from a technical point of view exclusively, Anderson focus on concepts establishing the mental framework to guide a security engineer along his professional career. So he does not refer to any specific firewall brand, programming language or operating system, but to design successes and failures along Information Technologies and Communications history. This is so enriching because dominant vendors marketing try to convince you that you only need to invest vast amounts of money to buy latest tech to get your information assets secure. However for Anderson technology is just a tool to perform a proper assess and design, from a mental framework based on comprehensive concepts independent from the latest tech state of art.

Along this book, these concepts are assessed, applying them to every information security field comparing them with historical events. So, many topics are covered. Topics so interesting and different like psychology, ergonomics, cryptography, access control policies to information assets, economics impact on security, integrity controls, security in shared data environments, intellectual property, terrorism and a quite long etc... 

The author's long expertise gives many examples to book from banking, defense industry and intelligence sector (of course, those sectors have been the great developers of current information security state of art). In those examples you get detailed descriptions ranging from IFF systems (Identify-Friend-or-Foe) to command and control military organizations; from the evolution of nuclear missiles protocols to improvements of electronics to spy electromagnetic emissions.

Besides, this books is going to stay relevant on your shelf for long as happens with general topics covered in it. This book is not one of those that end in your basket after some years.

All that makes Security Engineering a critical book for any security engineer and a good investment worth every penny you use to buy it.