
***** Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition. By Ross Anderson; published by John Wiley and Sons, Inc., www.wiley.com (Web); 1,080 pages; $70.
Threats—such as students hacking into networks to change their grades and crooks altering CCTV time stamps—are among those that system engineers must design against. And developing systems impervious to these schemes is the greatest challenge facing many of today’s system engineers. This thorough, timely, and well-referenced text offers help by addressing how to engineer secure computer-based systems.
The book is divided into three parts. The first looks at the basics, starting with the central concept of a security protocol, continuing with human-computer interface issues, access controls, cryptology, and distributed-systems issues. Refreshingly, the text neither requires nor presumes any technical background on the reader’s part beyond basic computer literacy.
Subsequent sections look in more detail at important applications such as military communications, medical record systems, cash machines, mobile phones, and pay television. These topics introduce more advanced concepts and prove quite interesting. Information security is addressed to a limited degree, focusing on the competing interests of companies, consumers, criminals, police, and spies. The book’s final phase addresses organizational and policy issues: how computer security interacts with the law and with corporate politics, how to ensure that a system will perform as intended, and how the business of security engineering is best managed.
The book’s only flaw is a potentially misleading title. The text covers how to engineer secure computer-based systems, not how to engineer security systems. If you need to engineer an alarm and access control system integrated with a networked closed-circuit video system or to design a system to notify management when building automation systems fall outside parameters, you should look elsewhere.
Yet the book’s IT focus is relevant to any practitioner in today’s converged security environment, especially given that security is best “baked in” from the start.
Whether used as a textbook, reference book, or introduction to technologies, this book would be an invaluable resource for the foreseeable future. The need for dependable security engineering is summed up by my favorite passage of the book, attributed to philosopher Immanuel Kant: “Out of the crooked timber of humanity, no straight thing was ever made.”
Reviewer: James R. Black, CPP, PSP, CET (Certified Engineering Technologist), is an Irvine, California-based senior security consultant for TRC, a multidiscipline infrastructure engineering firm with 95 offices nationwide. He is a member of both ASIS International and the International Association of Professional Security Consultants.