Book Reviews: Information Security Books and Product Reviews – Principles of Information Security

Reviewer Name: Michael Barwise

Reviewer Qualifications: BSc, CEng, CITP, MBCS

Book Title: Principles of Information Security

Subtitle: International Edition

Author(s): Michael E. Whitman, Herbert J. Mattord

Publisher: Cengage Learning (Delmar Learning)

Date of Publishing: 2011

ISBN(13): 9781111138233

Price (UK & US price – full price, not discounted price): £46.99, $123.95

URL of Publisher Site: Cengage Learning

URL of Amazon UK web page: Principles of Information Security

URL of Amazon US web page: Principles of Information Security

The fourth edition of this self-professed academic textbook on information security covers a great deal of ground at a variety of levels of detail. But despite being described as an “International Edition” it is extremely US-centric in those areas where geography matters – in the chapter headed “Professional, Legal and Ethical Issues…”, the only strictly non-US content is three paragraphs on the Council of Europe Convention on Cybercrime; and ISO 27001 is allotted a mere three pages in the chapter “How to Plan for Security”, and half a page under “Implementing Information Security”.

Once one gets used to this, the book turns out to be a useful, broad technical overview, but primarily of IT security rather than information security – in that the depth of treatment varies in proportion to the technological nature of the topic under discussion. Thus, systems development lifecycles are summed up in fewer than eight pages and employment-related security in around three. On the other hand, encryption gets some forty pages all to itself: from the obligatory honorific reference to the Caesar cipher to a brief résumé of the internals of AES.

This book is clearly intended to be a component of a larger set of study materials, which are listed at the end of the preface. It is also avowedly not a practitioners’ handbook, but is intended as a course text for college students – a purpose it is likely to fulfil admirably, as it is very readable and covers the ground widely rather than in depth. I do find it a pity that academic courses in infosec seem, in general, not to teach much of what is most desperately needed at the coalface – notably the human equation and robust risk management – concentrating instead on the technocentric. The reality that the bulk of security breaches originate from the actions and omissions of non-malicious people is not sufficiently emphasised in infosec education. However, that is not the fault of this book per se, but rather of the universal academic culture that engendered it.

A well-written academic course text on information security, albeit with a strong US bias. Very much of its kind, it should nevertheless prove useful for students; however, as the authors themselves attest, it is not a practitioners’ reference.

Marks: 3 out of 5
