Principles of Information Security

by Michael E. Whitman, Herbert J. Mattord

Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the content to reflect technology's latest capabilities and trends. With this emphasis on currency and comprehensive coverage, readers can feel confident that they are using a standards-based, content-driven resource to prepare them for their work in the field.

Genres: Computers, Textbooks, Nonfiction, Computer Science, College, School

624 pages, Paperback

First published December 1, 2002

Reviews

[Mel · Rating 1 out of 5]

My god, this is the most boring book I've ever read. I had to read it for uni, but gosh, it's been a struggle. It's all 'pie in the sky' security information rather then anything even half way practical. If you don't have to DON'T READ IT

[James Barkley · Rating 3 out of 5]

It’s a good book for someone who wants to knew the basics of cyber security.

[Complete Rubbish · Rating 1 out of 5]

Wow what edition are they on? Way to keep the racket going. Outdated info mixed with as much useless jargon they could find to produce this. Looking forward to the endless red tape people like this will create when info sec becomes standardized by the gov.

[Major Doug · Rating 2 out of 5]

It was more about theory and physical security than network/system practicalities

[A Book Matchmaker · Rating 4 out of 5]

Great information

Full of great information to help with learning about this topic. Teaches you how to do many parts of information security.

[Jacob · Rating 1 out of 5]

DNF

[Bryan Witt · Rating 3 out of 5]

Textbook. Not wonderful but informational.

[JANISSE]

AWESOME BOOKS

[David · Rating 2 out of 5]

As required college overview reading, I guess this book would be OK. Its ivory tower is showing. But the crypto chapter (chapter 8) is pretty bad.

On P350 and P389, they refer to 3DES as a 128-bit cipher. But on P366 they change their minds and write "3DES uses three 64-bit keys for an overall key length of 192 bits". Both were wrong. DES only uses 56 of 64 bits for encrypting/decrypting, so 3DES is 168 bit -- not that it's even close to a 168-bit strength against a brute force attack.

They then say the Vernam Cipher is "also known as the one-time pad". Except that the Vernam cipher's keying material repeats when used up (that's why a one-time pad is not called a two or three time pad).

They also discuss old standards that went no where that no one uses, as if they are legitimate competing alternatives (examples, SESAME and S-HTTP). And their crypto chapter discusses S-HTTP, but doesn't even once mention TLS.

These gripes all pertain to the 4th edition (2011).

[Nitin]

none

[Catcheeto · Rating 4 out of 5]

Required reading for my class but a good enough read I took the time to add it on. Well written, keeps the info entertaining. A good read if you are newer in the information security scene. Bad thing is it is a textbook so it was $70 or so. Not sure if it is worth that if not needed for class, so you might wait till a bit older or check the first/second edition (not sure how good they are though).

[Bob · Rating 5 out of 5]

This is an excellent book to read about information technology. It goes into great details about all the security issues we face today involving information. In particular, that internet is a bad neighborhood of its own; yet, many resort to it through daily activities believing that they are safe from harms way.

[Aaron · Rating 3 out of 5]

I read this as recommended reading for my university course. While there were a number of key concepts I picked up, there was also a lot of real estate wasted on excessive detail that I don't think added anything.

Half of the book helped me to sleep, while the other half provided interesting reading.

[Aseel · Rating 5 out of 5]

Required reading for my class and it was great
This book gave me a clear view of security components
Good for beginners in this field
It is not avaliable in many libraries
but you could buy it online

[Geir · Rating 3 out of 5]

Great for history, theory and concepts, but this edition (the third) was a bit behind the times on current standards. Make sure you get the latest edition. As of today, 4th ed from 2012 is the good stuff.

[Beck Frost · Rating 2 out of 5]

General concepts and dated content. Might have been relevant about 10 years ago. Had to read for school, and even the instructor taking over the class talked about how bad this book is and can't wait to get a new book approved for the next sessions of the course.

[Ross Gerard · Rating 4 out of 5]

Well require references and further studies to master. Knowledge of Algebra, Discrete Mathematics, Computer Hardware, and Networks recommended.

[Bob · Rating 5 out of 5]

I am using this text book to teach. I find it useful to discuss current security issues.

[Melanie · Rating 4 out of 5]

College course work book. Good information.

[Sarah · Rating 3 out of 5]

Quiet dry, but informative.

[Akhtar Ali]

I have not seen or read the book yet. I dont know How I can say anything about the book