"Security engineering is different from any other kind of programming. . . . if you're even thinking of doing any security engineering, you need to read this book." -- Bruce Schneier "This is the best book on computer security. Buy it, but more importantly, read it and apply it in your work." -- Gary McGraw This book created the discipline of security engineering The world has changed radically since the first edition was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy -- and as they specialize, they get better. New applications, from search to social networks to electronic voting machines, provide new targets. And terrorism has changed the world. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here's straight talk about * Technical engineering basics -- cryptography, protocols, access controls, and distributed systems
Types of attack -- phishing, Web exploits, card fraud, hardware hacks, and electronic warfare
Specialized protection mechanisms -- what biometrics, seals, smartcards, alarms, and DRM do, and how they fail
Security economics -- why companies build insecure systems, why it's tough to manage security projects, and how to cope
Security psychology -- the privacy dilemma, what makes security too hard to use, and why deception will keep increasing
Policy -- why governments waste money on security, why societies are vulnerable to terrorism, and what to do about it
At over a thousand pages, this is a comprehensive volume. Engineering & Technology Saturday 7 June 2008
Ross Anderson is Professor of Security Engineering at Cambridge University and a pioneer of security economics. Widely recognized as one of the world's foremost authorities on security, he has published many studies of how real security systems fail and made trailblazing contributions to numerous technologies from peer-to-peer systems and API analysis through hardware security.