Security Engineering: A Guide to Building Dependable Distributed Systems 2, Kindle format
|Length: 1080 pages||Language: English|
Top customer reviews
Anderson leads the reader to think like an extraterrestrial, outside of respect for the rules, in order to circumvent security systems or gauge the risks of complex systems
Most helpful customer reviews on Amazon.com (beta) (May contain reviews from the Early Reviewer Rewards program)
I especially like all the examples. If you already work in the space, you already know WHY any of this is important. If you don't, then leaving those stories out really makes the subject matter dry and irrelevant. Including it really hits home as to why security is so important to all of us, and it makes the solutions much more intriguing.
The author explains things in layman's terms, so although this is a very broad and complex topic, it's very accessible through this book. I also love the author's approach of introducing you to *all* the relevant concerns of security, and then giving you references if you want to learn more (including problems that haven't been solved yet).
One thing I found interesting was that having the advantage of living 10 years beyond the end of the book, it becomes clear that many of the current hot topics in security have been predicted by security experts for years. For example, Google just found the first SHA-1 collision, and in the book, Ross reported that an algorithm has been developed to find a collision in 2^69 steps, but it was predicted that it should be possible in 2^60 steps. 10 years later, as I'm reading the book, Google reports they did it with 2^63 computations.
If you're a professional, you probably already know all the important stuff from this book. So depending on what you're looking for, it might not be the book for you. If security is this mysterious, complex thing that feels like it's beyond your reach, you'll love this book. It's not like "heads first" security where it just flies by. You may find yourself slogging through the thousand or so pages over a series of eye-straining months. Your husband might get used to seeing you making pained faces around the house while looking at the ceiling as you try to understand something. But it's still fun. Oh also sometimes the author is unexpectedly sarcastic, and that's really fun, too.
While studying for the CISSP exam I was forced to familiarize myself in many areas of security I had previously skirted – thus it was grueling work. Few of the CISSP level exam questions require in-depth knowledge; overall the CISSP requires an eye-in-the-sky view of the entire security field, and how different concepts fit together. At the level of the CISSP there are many good resources and it only took me two weeks of study to prep for a passing score.
Studying for the CISSP-ISSAP has been more challenging. Not only is the training availability extremely limited, there are few good study resources for the exam. I understand the ISSAP concentration requires detailed knowledge of the inner workings of many technical systems (and not just those normally administered by security professionals). To pass this exam you not only need to retain that knowledge, but know how it all works in minute detail.
A long foreword, but the point being stumbling across this book has been a lucky break. Ross dives into security engineering at the street level and comes up for air only to relate real world cases of security failure and how they can be avoided. Not only does he get down to the detail level required on much of the CISSP-ISSAP curriculum, his book is heavily weighted in the technical control fields that are core to the ISSAP exam.
If you’re tasked with engineering security controls in any information system or joining me in studying for the ISSAP concentration I highly recommend this read.
This book was published in 2010 making it currently 7 years old. This means there are some glaring exemptions from his review of historical security failures and a bit of weakness in mobile, social and cloud. It should be noted that despite being 10 years out of date many of his observations seem eerily prescient given what has occurred during the intervening interval and although lacking in examples pertaining to Social Mobile Analytics and Cloud – he accurately predicted the systemic issues encountered in these areas proving good fundamental coverage still useful in 2017.
Trailing note. This is 1080 pages - if you're expecting a casual read look elsewhere, while Ross does an excellent job of keeping this digestible be prepared for some focused attention on every passage.
Two elements combine to make this book unique: first, the book manages to cover all of the major topics in the field, and second, the book covers the whole range of attacks that systems can face: technical, procedural and physical. Historically, writers on information security have focused on computers and disembodied "users," downplaying the crucial issues of physical security, perimeters, operating procedures, and the limits of human behavior. This book tries to integrate such concerns into information security thinking, instead of treating them as "special concerns that computer geeks don't really care about."
Best of all, the book is a great read. Ross has a fine way of drawing out the irony we encounter in user behavior, enterprise behavior, and even in the actions of presumed authorities in industry and government. At one point he discusses a government endorsed security evaluation process "which, as mentioned, is sufficient to keep out all attackers but the competent ones."
Ross unabashedly explains several aspects of information security that most writers ignore entirely, like security printing, seals, tamper resistance, and associated procedures. In my own books, reviewers have chided me for including such "irrelevant" topics, even though they play an essential part in making a real system work. As Ross ably points out, most successful attacks these days are pretty mundane and don't involve cryptanalysis or sophisticated protocol hacking. ATM fraud, for example, often relies on pre-computer technology like binoculars to pick up a victim's PIN. This book should open a lot of people's eyes.