Security Engineering

Anderson, R. (2008). Security engineering: a guide to building dependable distributed systems (2nd ed.). Indianapolis, IN: Wiley Pub.

Security is a critical element of our lives in this interconnected world of invisible computers and sensors. Moreover, the real security issues are not technical, they are people-centered. We must design better security with attention to how people actually behave, otherwise we all will defeat the security in order to get on with our lives.

I've written about this:

Ross Anderson understands these issues well, and in this mighty, very readable tome, he explains both the technology and also the ways that people can get around it and sneak in. Think your system is safe and secure? Think you will never fall for some scam or phishing attack? Think again: then read this book.I'm incredibly impressed that one person could produce such a thorough coverage. Moreover, he makes the stuff easy and enjoyable to read. I find it just as entertaining -- and far more useful -- than novels (and my normal science fiction). When I first got it in the mail, I said to myself "I'm never going to read all of that." But once I started reading I just kept going and going. Fantastic: well done. Now, let's hope that all those in charge of security for information technology will also read the book and heed the lessons.

I'm biased: Ross called me up one day when he was visiting Palo Alto (he normally resides in the UK) and we spent a delightful afternoon discussing these issues.

Link to Security Engineering at