Security Engineering, 2nd Ed.
Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition
Published by Wiley. November, 2010
By Ross J. Anderson
The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
About the Author:
Ross Anderson is Professor of Security Engineering at Cambridge University and a pioneer of security economics. Widely recognized as one of the world's foremost authorities on security, he has published many studies of how real security systems fail and made trailblazing contributions to numerous technologies from peer-to-peer systems and API analysis through hardware security.
Read more and Buy the Book »
(Please support your local bookseller.)
All chapters from the second edition now available free online!
("When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you'll buy the paper version to sit on your shelf and impress the boss (as well as warding off the evil eye).")
This page accumulates further notes on the second edition of my book Security Engineering - A Guide to Building Dependable Distributed Systems. As relevant further material comes along that could be useful to students studying using my book and engineers using it as a reference, I link to it here.
Schneier on Security
Ross Anderson's Security Engineering Online (Schneier on Security)
Read Schneier’s blog for comments between author R. Anderson and Gweihir who raises valid concerns about the book based on the title “Security Engineering.” It has to do with the notion that the title necessitates it being an engineering text with “at least a strong focus on the engineering aspects that are known.” While the text may not provide a detailed engineering background on the subject it seems fair to say the author does not intend to provide such background. Rather, the author seems to have provided a wealth of useful information perhaps purposely not diving into deep engineering detail. Perhaps that would have made it unreadable. Several comments describe how readable it is, which is part of the beauty of the book. That is to say, while it is titled Security Engineering, it is not an engineering text but it does discuss security engineering, which in itself is quite useful.
Nick P. comments: “Awesome! There are few good resources on security engineering. I'm glad he makes this series free after a while. The first one was helpful long after it was free. I'm sure the second one will be the same.”
Yes, the entire 2nd edition is available in PDF format at no charge. Visit the author’s website.