Book Review: Foundations of Information Security

Hello friends and welcome to HaXeZ, Foundations of Information Security is probably one of the first books I should have reviewed. This is a great book for anybody new to information security. It’s written by Jason Andress and published by no starch press. While there are many books out there that cover the material in this book, they can sometimes be too cold and factual to enjoy. The author of this book brings a great balance of warm humor and information. For example, the author quotes the phrase “With great power comes great responsibility” and even goes as far as referencing it to a particular Spiderman comic book. Furthermore, the author explains how hacking a heart rate monitor could be heart-breaking… 

What Is Information Security?

This book is well written, it somehow manages to keep a lot of the droll information interesting. The subjects covered in this book can be found in other books such as books that cover the Security + certification. I’ve read many of those books but this one was by far the easiest read. It covers core concepts like the CIA (confidentially, integrity and availability) model of information security. It explains the defense-in-depth strategy that covers the external network, internal network, host, application, and data. The author also includes easy-to-understand diagrams that help to visualize these concepts.

Identification and Authentication

Identification and authentication are important factors of information security and are covered in detail in this book. In short, it’s explained how there are weaknesses in traditional authentication methods such as passwords. Ordinarily, users aren’t that good at remembering complex passwords and this could lead to them writing them down in places (such as the bottom of keyboards) that could be easily accessed. Furthermore, it covers the various attack types and additional mechanisms such as multifactor authentication that could be implemented to improve it.

Cryptography

One area of computing that really interests me is the history of cryptography. Specifically, the Enigma machine as it was one of the first mechanical encryption devices. While there were others such as the Jefferson Disk, the Enigma machine was an incredible device for the time. In effect, it helped to keep the Nazis’ communications secure for a long period of time until it was broken by Alan Turing and the Bletchley Park team. Beyond the history of cryptography, the author covers modern encryption technologies and explains their importance.

Conclusion – Foundations of Information Security

The author covers far more than what I’ve discussed above. Additional chapters include the Human Element in security, Physical Security, Network Security, Operating System Security, Mobile, Embedded and Internet of Things Security, and Application Security. To summarise each chapter and give my opinions would probably require a book worth of writing itself. However, if you’re new to info security or are looking to refresh your knowledge then this is an ideal book. It’s easy to read and makes the information fun to consume. My biggest takeaway from the book is that Cybersecurity is constantly evolving and growing. With new devices being added to the internet every day, new attacks are being developed. Like the Cybersecurity industry, we too should continue to evolve and grow.