***** Computer Security Handbook, Volumes 1 & 2, 5th Edition. Edited by Seymour Bosworth, M. E. Kabay, and Eric Whyne; published by John Wiley & Sons, www.wiley.com; 2,040 pages; $220.95.
The Computer Security Handbook’s 77 comprehensive chapters, in two volumes, cover all 10 domains of the Common Body of Knowledge as defined by the International Information Systems Security Certification Consortium (ISC)².
Twenty-five chapters are new to this fifth edition, including “Social Engineering/Low-Tech Attacks and Insider Threats,” which often constitute the prime route to maximum damage. The number of pages has nearly doubled since the 2002 fourth edition.
The chapters are organized into eight parts, such as one on threats and vulnerabilities, one on prevention, and one on human factors. The chapters are dense in verbiage and, with some exceptions, short on visual illustrations. But The Computer Security Handbook is currently used as the basis for a two-semester undergraduate course at Norwich University by the technical editor, M. E. Kabay. As a counterpoint to limited illustrations, he creates and posts on the university’s Web site PowerPoint lecture slides based on each chapter. The slides are available to anyone for noncommercial use, providing an outstanding free supplemental resource for self-study for the Certified Information Systems Security Professional (CISSP) exam.
While this is a truly comprehensive and well-written reference set, the Handbook appears to have been on a seven-year revision schedule for the last four editions. With the enormous revolution in mobile computing devices alone, this schedule needs to be shortened. The threat to security from smartphones and tablets brought into every workplace is the current frontier that this great reference set must address in the next edition.
Reviewer: William Stepka, CPP, CISSP, is principal of Stepka & Associates in San Francisco, providing security consulting, training, and investigative services. He is the historian of ASIS’s San Francisco Bay Area Chapter and has contributed articles to its newsletter on topics ranging from social engineering to plainclothes security.