The recently published Elementary Information Security by Richard Smith received a glowing 5-star review from author, blogger, and Information Security Manager with Wyndham Worldwide, Ben Rothke, CISSP, CISA. Mr. Rothke writes book reviews on slashdot.org, where he had this to say about Elementary Information Security:
For anyone looking for a comprehensive information security reference guide - Elementary Information Security is it. While the title may say elementary, for the reader who spends the time and effort to complete the book, they will come out with a complete overview of every significant information security topic.
He goes on to discuss the organization and progression of the text:
In 17 chapters covering over 800 pages, the book is well organized and progressively gets more complex. The early chapters focus on the fundamentals of computers and networking, and the core aspects of information security. The chapters progress in complexity and deal with distributed systems and more complex security topics. The mid-chapters deal with cryptography, starting with an introduction to the topic, into more complex topics and scenarios. One is hard-pressed to find an information security topic not covered in the book.
As an educator (currently teaching at the University of St. Thomas in Minnesota), Smith understands how students most efficiently learn a subject. Rather than emphasizing memorization, he challenges readers to learn how to analyze a variety of security problems with rich pedagogical features, including:
- Problem Definitions, which describe a practical situation that includes a security dilemma.
- Technology Introductions, which provide a practical explanation of the security technology to be used in the specific chapters.
- Implementation Examples, which show the technology being used to enforce the security policy at hand.
- Residual Risks, which describe the limitations of the technology and illustrate various tasks against it.
In particular, Mr. Rothke appreciates the application of the subject matter and pedagogy to pop culture:
The goal of the questions and exercises is to make the knowledge real. Some of the exercises include watching movies with computer security related topics such as The Falcon and the Snowman, Crimson Tide, and others. For example, in The Falcon and the Snowman, the author asks the reader to identify two types of security measure that would have helped prevent theft of the crypto keys. In Crimson Tide, it asks the reader to consider the missile launch procedures portrayed in the film and asks if it is possible for a single person to launch a nuclear missile. Another scenario is that under what circumstances a recipient should accept an unauthenticated message. It also asks the reader to give an example of a circumstance in which accepting an unauthenticated message would yield the wrong result.
Elementary Information Security is the first textbook certified to comply fully with NSTISSI 4011, the federal training standard for information security professionals. Smith worked diligently to receive this recognition by mapping the text's content (at the chapter and section level) to the topics required by the NSA's curriculum standard, NSTISSI 4011.
Mr. Rothke concludes his review with this esteemed recognition in mind:
Given the value of the book, (ISC) should consider using this title as a reference for their CISSP certification. With all of the CISSP preparation guides available...one is hard pressed to find a comprehensive all-embracing security reference such as this. Some may even want to simply use this book as their definitive CISSP study guide.
For those looking for a single encyclopedic reference on information security, they should look no further than Elementary Information Security. Richard Smith has written a magnum opus on the topic, which will be of value for years to come.
Learn more about Elementary Information Security by Richard Smith at go.jblearning.com/infosec.
Read the full review by Ben Rothke, CISSP, CISA on slashdot.org.