Beautiful Security

Andy Oram, John Viega

Publisher: O'Reilly

ISBN: 9780596527488

RRP: £30.99

Reviewed by: Mehmet Hurer, MBCS CITP CEng

Score: 10 out of 10

This book is a collection of 16 essays covering a broad and pretty complete range of current topics in computer security. Each essay is very clearly written and easy to read, since no prior knowledge of security is assumed or required. As with many security books, it works on the premise that people and organisations do not take security seriously enough, and at best security is viewed as a ‘bolt on’ activity, usually after a breach.

Do not expect complete and in-depth coverage of a particular topic, but what works really well is how the authors explain the key topics. This tends to be done by illustration using a series of case studies, and this is what makes the essays so easy to read and comprehend. You’ll get to learn about the creativity of cyber-criminals and how security professionals are counteracting them.

Out of the 16 chapters there are a number that are most notable to me, though this is not to say the other essays are less relevant - on the contrary. Chapter 2 looks at Wi-Fi security, and it is the anecdotes that single out this chapter. Chapter 3 looks at security metrics, the concept of which I struggled with before I read this essay. Chapter 6 discusses the risk associated with online advertising, and how easy it is to be fooled. Chapter 7 looks at the evolution of PGP encryption, as told by its creator Phil Zimmermann. Chapter 8 illustrates the use of ‘honeyclients’ as a means of capturing cyber-criminal activity, and the final chapter provides an interesting discussion on the role and future of malware and spyware detection.

The only omission is the lack of a security glossary, although some chapters do include their own glossary.

Overall I found the book a very fascinating and enjoyable read, and since no jargon is used it should be accessible to any audience. If you want to find out what the cyber-criminals are up to and what security professionals are doing to counteract them, then this is a very good place to start.

Further information: O'Reilly

October 2009