Introduction to Computer Security

Even though that the book lacks illustration diagrams, I learned a lot from it. I am a computer engineering student in KFUPM and this book is used as a text book for a Computer Security course - COE 449. It is a good choice for beginners in computer security.

This is one of the best books I ever read.

The only people who hate security systems more than the end users who have to put up with a badly designed system are those who want to break into systems that have good security. Security for computer systems is very real and growing problem. Far beyond the virus that might come on an e-mail, white collar crime is much more expensive than other kinds. A grocery store holdup might net a few hundred dollars, a bank robbery a few thousand, the average white collar crime is in the hundreds of thousands. And the price of information may be worth life itself as in the case of the Enigma codes in World War II. This book is balanced at at interesting level above the how to and below the highly theoretical. It has some of the theory, and some of the how to. More important, it explains the why and the how, the broad concepts that enable a manager concerned with security, or the new security manager to set up an effective system that is tailored to the risk, the company, the employees, and others who might have some access to their computer system. I would rate this book at an intermediate level to move the reader higher up the professional scale. Highly recommended.

For those looking for a step-by-step book for securing your Windows XP box, you have come to the wrong place. This is a textbook covering security fundamentals from mathematical concepts, like cyphers and encryption, to the analysis of intrusions, viruses and worms through to policy aspects. About as concrete as it gets in terms of implementation comes in the second to last chapter on securing the internals of a C program. This book provides an excellent grounding in the fundamentals of security. A must have for anyone studying security, or for those looking for a deeper understanding of IT security fundamentals.

Most books on computer security describe and show how to use cryptography. But often due to lack of space and audience expertise, they often do not give any detailed theory of cryptosystems. There is relatively little maths in such books. In turn, cryptography books fall into roughly two piles. One is highly mathematical and abstract; deliberately independent of any operating system or implementation. The other uses those theorems from the previous type of book, and is more tied to some software package that implements them. Bishop's book stands differently. The level of the maths and the notation and the rigour with which he describes the cryptosystems would not be out of place in an algorithms book. But it is not all maths. There are chapters on Identity and on Access Control Mechanisms that are traditional sysadmin-type discussions. Veterans of running DEC's VMS machines will see much familiar material. But these discussions are also characterised by a level of analysis uncommonly seen in most sysadmin books. Bishop tries to show how behind such things like Access Control Lists, there is a systematic logic. Other books that might be tied to a given operating system or package might bury you in details, and obscure a general model. If you have wanted to dig deeper into the subject and have good background in discrete maths, Bishop is worth reading.