Book Review: Elementary Information Security

benrothke writes "Elementary Information Security, based on its title, weight and page length, I assumed was filled with mindless screen shots of elementary information security topics, written with a large font, in order to jack up the page count. Such an approach is typical of far too many security books. With that, if there ever was a misnomer of title, Elementary Information Security is it." Read below for the rest of Ben's review
Elementary Information Security
author: Richard E. Smith
pages: 800
publisher: Jones & Bartlett Learning
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1449648206
summary: Information security magnum opus

For anyone looking for a comprehensive information security reference guide - Elementary Information Security is it. While the title may say elementary, for the reader who spends the time and effort to complete the book, they will come out with a complete overview of every significant information security topic.

The book is in fact a textbook meant to introduce the reader to the topic of information security. But it has enough content to be of value to everyone, whether security novice or experienced professional.

Author Richard Smith notes that if you want to get a solid understanding of information security technology, you have to look closely at the underlying strengths and weaknesses of information technology itself, which requires a background in computer architecture, operating systems and computer networking.

With that, Elementary Information Security is a tour de force that covers every information security topic, large and small. The book also provides a relevant overview of the peripheral topics that are embedded into information security.

In 17 chapters covering over 800 pages, the book is well organized and progressively gets more complex. Two large chapters of the book are freely available online, with chapter 3 here and chapter 9 here. The early chapters focus on the fundamentals of computers and networking, and the core aspects of information security. The chapters progress in complexity and deal with distributed systems and more complex security topics. The mid-chapters deal with cryptography, starting with an introduction to the topic, into more complex topics and scenarios. One is hard-pressed to find an information security topic not covered in the book.

Chapter 1 is on Security from the Ground Up and lays the groundwork for what security is. Various topics around risk are detailed, such as identifying, prioritizing and assessing risks.

Chapter 2 is on Controlling a Computer and reviews the underlying architecture around computers.

For some people, much of their learning about information security is based on rote memorization. In the book, Smith eschews this and each chapter closes with a glossary of topics, and penetrating questions. There are also problem definitions which detail practical situations with the hope that the reader can create an adequate security solution. The reader who spends extra time reviewing the questions will find that it will significantly help in their mastering the myriad topics.

The goal of the questions and exercises is to make the knowledge real. Some of the exercises include watching movies with computer security related topics such as The Falcon and the Snowman, Crimson Tide, and others. For example, in The Falcon and the Snowman, the author asks the reader to identify two types of security measures that would have helped prevent theft of the crypto keys. In Crimson Tide, it asks the reader to consider the missile launch procedures portrayed in the film and asks if it is possible for a single person to launch a nuclear missile. Another exercise asks under what circumstances a recipient should accept an unauthenticated message. It also asks the reader to give an example of a circumstance in which accepting an unauthenticated message would yield the wrong result.

The book is not meant as a For Dummies guide to the topic, and it assumes a college-level comprehension of relevant mathematical concepts. Note though that the requisite math is detailed in the sections on encryption and cryptography.

The book is also the first textbook certified by the NSA to comply with the NSTISSI 4011 standard, which is the federal training standard for information security professionals. The author notes on his blog that in order to gain that certification, he had to map each topic required by the standard to the information as it appears in the textbook.

Given the value of the book, (ISC)2 should consider using this title as a reference for their CISSP certification. With all of the CISSP preparation guides available, even the Official (ISC)2 Guide to the CISSP CBK, one is hard pressed to find a comprehensive all-embracing security reference such as this. Some may even want to simply use this book as their definitive CISSP study guide.

For those looking for a single encyclopedic reference on information security, they should look no further than Elementary Information Security. Richard Smith has written a magnum opus on the topic, which will be of value for years to come.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

  • by Anne_Nonymous ( 313852 ) on Friday May 18, 2012 @04:38PM (#40045797) Homepage Journal

    Never judge a book by its title, weight and page length.

  • by b0bby ( 201198 ) on Friday May 18, 2012 @04:51PM (#40045943)

    At $125 it is priced like a textbook too. It looks interesting but I won't be dropping that.

    • Re:Expensive (Score:5, Insightful)

      by mcrbids ( 148650 ) on Friday May 18, 2012 @05:48PM (#40046587) Journal

      Complaining about the price ($125) for a book like this is penny-wise and pound-foolish, IMHO. Spending a few hundred dollars every so often at the local book store on good, meaty howto books that you take the time to read is one of the best investments you could ever make. It basically doesn't matter how much you know already, knowing more pretty much always pays!

      20 years ago, I got started in the tech industry with a $60 book, "Upgrading and repairing PCs". Although it was somewhat wordy and tended to repeat itself annoyingly, studying that book carefully gave me the tools I needed to start a successful computer repair store. (back when knowing how to jumper the IO address of a controller card was something you needed to do to get it working)

      I've switched around the business several times, and make a very comfortable living today based primarily on the knowledge I obtained by reading beefy, knowledge-packed "expensive" books like this.

      Knowledge is power, and in today's world, that translates to $$cash$$.

      • by b0bby ( 201198 )

        Oh, if I were doing this stuff on a regular basis or was taking a class on it, I would buy it in a heartbeat. But I'm just an interested amateur, so I won't be buying it.
        It's an interesting question, though, whether or not they would make more money at a lower price by expanding their market beyond those who have to have it to those who'd just like to.

  • by Anonymous Coward on Friday May 18, 2012 @05:11PM (#40046165)

    Are there any other good books by this "Jones & Bartlett Learning" publisher? Maybe one on HTML formatting?

    • Are there any other good books by this "Jones & Bartlett Learning" publisher? Maybe one on HTML formatting?

      There apparently aren't any better books on Infosec at all, since this is the "Information security magnum opus", or maybe it's a "tour de force", or whatever cliche the reviewer could dredge up to establish that it is, in fact, a really big book. Which, by the way, is eight hundred pages! Like, that's a hundred pages longer than 700 pages! Amazing!

      But if you aren't sure what this HUGE HUGE book is:

      The book is in fact a textbook meant to introduce the reader to the topic of information security.

      Thank you, Captain Obvious!

  • I'm starting a course next month that is using this book, I was surprised to see it on /., looking forward to it now.
