Security in Computing, 3rd ed
by Charles Pfleeger and Shari Pfleeger

Prentice Hall 2003.
ISBN 0-13-035548-8 LoC QA76.9.A25 P45 2003.  746 pages. $79.00. Index, bibliography.

Reviewed by Robert Bruen, January 13, 2003

There are very few security books that qualify as real textbooks. Most security books seem to be written by authors who have a specific agenda, such as how to defend against hackers, or PKI, or crypto. They are generally practical in nature, which is not to say this is bad, but security has moved past the headlines into the everyday world, which includes coursework in colleges and universities. Textbooks differ in that they try to cover enough of the discipline with enough depth, and have exercises and problems. It is harder to write a good textbook than an ordinary book. There needs to be a particular style of organization and supplemental material, like a good bibliography, something that is hard to find. The bibliography reflects the amount of research effort.

The Pfleegers' third edition meets all the standards for a really good textbook for security. Moreover, the textbook characteristics do not take away from the value of the book as a general book on security. As we all know, sometimes textbooks are a little dry or too pedantic, but not so with this book. This is an enjoyable time in the world of security books, as we see the quality on the rise. Several books have become cornerstones of the discipline of security, such as Schneier's Applied Cryptography and Bishop's new Computer Security. This book fits into this category because of the unique qualities that will allow it to be of value longer than the books which look like headlines in the news media.

Security has moved past just looking at the technical aspects to the management of the security operation. The chapter on administering security is one that is often ignored. The chapter sections cover planning, risk analysis, policies and physical security. The following chapter is titled "Legal, Privacy, and Ethical Issues in Computer Security." I would change that to "Ethical, Legal, and Social Issues in Computer Security" because privacy is not the only social issue. Besides, the acronym ELSI can be used as it is in the Human Genome Project. Both areas are having and will continue to have a tremendous impact on society. In any case, the chapter covers copyrights, patents and trade secrets, crime and privacy, with several ethical case studies. It is about time that a serious look at ethics in computer security appeared. This section would provide a perfect starting point.

The remainder of the book has good chapters covering database security, writing secure code, operating system security and cryptography. The balance in coverage is excellent and the addition of database security is welcome. The preparation and knowledge of the authors are abundantly clear. This is a highly recommended book, one I will use the next time I teach a security course.