Computer Security: Art and Science

The academic style of the book is understandable as the author, Dr. Matt Bishop is an Associate Professor in the Department of Computer Science at the University of California at Davis.

The topics in the book cover the world of computer science, from access control, policy and cryptography, to information flow, vulnerability analysis, auditing and more. Unfortunately, this comes in a style that is heavy on formal methods and the extensive use of various forms of symbolic logic.

Computer Security: Art and Science is a solid book, which is well suited for a graduate level university course for those looking primarily into the theoretical nature of computer security. But for those who are looking for practical answers on day-to-day corporate security issues, Computer Security: Art and Science, while a masterpiece, will not fit their needs.

Rating:
Summary: Solid book, which is well suited for a graduate level course
Review: At over 1000 pages, Computer Security: Art and Science is a veritable everything you need to know about computer security. But for most readers, the book will be far too much information, in a style that is more academic than practical.

The academic style of the book is understandable as the author, Dr. Matt Bishop is an Associate Professor in the Department of Computer Science at the University of California at Davis.

The topics in the book cover the world of computer science, from access control, policy and cryptography, to information flow, vulnerability analysis, auditing and more. Unfortunately, this comes in a style that is heavy on formal methods and the extensive use of various forms of symbolic logic.

Computer Security: Art and Science is a solid book, which is well suited for a graduate level university course for those looking primarily into the theoretical nature of computer security. But for those who are looking for practical answers on day-to-day corporate security issues, Computer Security: Art and Science, while a masterpiece, will not fit their needs.

Rating:
Summary: An excellent college-level educational resource
Review: Computer Security: Art And Science by Matt Bishop (Associate Professor, Department of Computer Science, University of California - Davis) is an extensive, 1084-page instructional introduction to the science and challenges of computer security, and which is useful as either a classroom text or as a self-teaching tool. Individual chapters address all aspects of computer security including methodologies and technology for improved security, ways to analyze vulnerability and detect intrusions, computer security examples, ways to limit access privileges, digital signatures, and a great deal more. An excellent college-level educational resource for the digital age, Computer Security is an essential, accessible, core addition to any personal or professional computer security reference collection.

Rating:
Summary: overrated
Review: Computer Security: Art and Science is an excellent book. But not for the newbie.

It is on the same lines as Schneier's Applied Cryptography.

Excellent, but get your math skills out.

Rating:
Summary: Excellent, but not for the newbie
Review: Computer Security: Art and Science is an excellent book. But not for the newbie.

It is on the same lines as Schneier's Applied Cryptography.

Excellent, but get your math skills out.

Rating:
Summary: Never Back on the Shelf
Review: I admit...this book was a required text for my computer security class, so I didn't buy it for my reading pleasure.

First thought? GOOD GRIEF (it's about 1000 pages)!
Current thinking? THANK GOODNESS I HAVE THIS BOOK.

I have pages in every chapter marked and read and have to say that it has helped transform me from someone who didn't have a clue about computer secrurity to someone who is now getting the NSTISSI 4011 certification in conjunction with a PhD in Computer Information Systems with a focus in Information Security.

The explanations are clear, yet bring the reader beyond the elementary level. Bishop covers a wide range of topics to help create a thorough understanding of security issues. Of most benefit to me was the section on Cryptography.

I've read some review regarding the math. It's in there for those who would like to review it, but it not, just skim and read on. The first time I went through this book, I skipped any section with math, but found those very same sections useful as I learned the topics in depth.

Since I bought this book a year ago (this review is dated 11/04) and I have not yet put it back on the shelf.

Rating:
Summary: overrated
Review: I just recently finished a class in computer and network security that used this as its textbook. It has too much theory and not enough application. I enjoy reading, but this book doesn't make for good reading. It's incredably dull, and unless you're very interested in the engineering side of security, stay as far away from this book as you can. It doesn't even cover many of the biggest threats to computer security today, and the few that it does mention don't get any in-depth discussion.

Rating:
Summary: One of few books that can qualify as a textbook in infosec
Review: Please understand that the Amazon star system, while very powerful has limits, I feel this book is 5 stars as a textbook for an undergrad computer security course, 4 stars for a graduate student and 3 stars for a book on the average information security worker's shelf.

Computer Security Art and Science has been years in the making and for good reason; it is over a thousand pages. The book seems best suited for four groups of readers. The first group is college students; this will probably be a popular choice as a textbook for undergraduate level students and with additional materials, graduate level students. It is a complete guide to computer security terminology and theory. Other groups of readers that would benefit from this book include security knowledgeable managers seeking to assess the knowledge of potential employees especially in policy and architecture positions. A third group includes anyone preparing for information security certifications. If you are wish to certify you will benefit from a close reading of this text before attempting your examination. Finally, anyone seeking to understand the big picture of information security would benefit from Computer Security Art and Science. However the book's value is primarily as a textbook!

Like most authors writing a security book, Matt has chosen to start at a basic level beginning with a discussion of confidentiality, integrity and availability. As a reviewer I was quietly wondering how long he would stay there. The answer proved to be one chapter only and at the back of the chapter one the author has included insightful, thought provoking study questions. If I were considering hiring someone who claimed to have experience in information security that could not answer these questions, I would show them the door.

Now to consider the rest of the book! On the first page of chapter two we are introduced to logical equations. This is where the casual reader is likely to get off the bus while the diligent student with a qualified instructor gets on. As soon as I saw the equations with no explanation of how to read them, I could see someone browsing in a bookstore shut the cover and move on. Be brave and press on is my advice; the book is well worth it even if some of the illustrations are beyond comprehension without a teacher's guide. It says in the preface this book was designed to be a college level textbook. They have to put a few inscrutable pages in the book so the professors can appear to be smarter than the students.

The cryptography section, chapters 9 - 11 are very approachable and while not as in depth as some other sections, they would help anyone preparing for the various industry security certifications including CompTIA's Security +, ISC2's CISSP and SANS' GSEC. In fact the entire book would be beneficial for any of these.

The table of contents says that part 6 of the book, assurance, chapters 18 - 21, were contributed by a different author, Elisabeth Sullivan. I read those chapters closely and could not detect a different tone or level of quality; the authors are to be congratulated for that. Nice use of humor on the heading title for 18.1.1, "The Need for Assurance" and where else can you read about "Extreme Programming".

No book is perfect, the intrusion detection and penetration testing discussions need to be beefed up, but chapter 29, Program Security more than makes up for them. That chapter should be required reading before anyone is allowed to touch a compiler.

I donate most of the books people send me to review to my local library, but this one stays on the shelf and I am setting an iCal reminder to re-read the policy and audit sections a couple months from now.

Rating:
Summary: A book suitable for 1980's
Review: Security concepts dealt in this book are of early 1980's computer issues- it doesn't put much emphasis on the recent security technologies. Hard to read, hard to follow what the writer wants to imply. Had to buy this book for Security info systems engineering class at Polytechnic University, Brooklyn, NY- but didn't find any use. It's a total junk for the price. Doesn't include any security tool in a cd, nor does it talks about practical usage of such software. Try buying Hacking Exposed book for a lot cheaper.

Rating:
Summary: Using as textbook for computer security graduate class
Review: The book is easy enough to follow though some of the proofs are intricate and require a good math-head. Needs more real world examples. I'd also like to see a selected answers to end of chapter questions, too. The bibliography is extensive and thorough.

There are a lot of errors and the reader should refer frequently to the author's online errata file.

There IS NOT nearly enough room in the margins for notes and comments or cross-references. Textbooks need a lot of whitespace and this book doesn't have it.

I'd have given a higher rating if there was more whitespace and fewer errors.

BTW, seems like every comp sec instructor out there is using this book.