Information Security 2e

While Matt Bishop's book (Computer Security, Art and Science) is considered the standard by many professors, I think students will find that Mark Stamp's book provides much more practical utility. Here's what Stamp has that Bishop doesn't: 1.) More readable writing style. 2.) Non-essential theory and rigor removed. 3.) Some less traditional but interesting topics (ex: CAPTCHAs, DRM). A few things that Bishop has that Stamp doesn't: 1.) Broader range of topics covered. 2.) Classic proofs and theory that Stamp omits for succinctness. Let's be clear though. One text is not better than the other-- the authors simply have different aims. I suggest that a student use Stamp's book to ease into Information Security, and then to go Bishop when more information is required. For example, in my introductory course to Information Assurance, I used Stamp's book to answer 90% of all questions quickly and completely and Bishop's book to tackle the remaining 10%. If I ever get into the theory side of IA, I'll probably have to use Bishop more, but Stamp works great in most situations.

This is a very readable primer on information security that address a number of topics including symmetric key crypto, public key crypto, hash functions, cryptanalysis, authentication, authorization, software anomalies, software insecurity, malware, and operating systems. I recommend this book.

Dr. Stamp touches many of the widely used and implemented security algorithms and techniques in today's industry. His clear and concise diagrams, examples, and thought provoking questions allow the reader to get a clear overview of the workings (positive and negative) of security technology. Mark Stamp has gathered all relevant information from a wide range of sources to produce an essential guide for information security. totally sweet

This text is an excellent introduction to the popular, important subjects of computer and network security, and is the best such text that I have yet seen. Professor Stamp offers clarity of presentation and a fluid, conversational style. There is an nice balance between comprehensive coverage and detailed analysis. Overall, I really like the structural organization, selection of topics, breadth of coverage, and level of difficulty. No special prerequisites are required to comprehend the basic ideas. However, readers with technical backgrounds will find a lot of material to challenge them. There are an abundance of illustrative figures, nice examples within the body of the text, and a wealth of good problems at the end of each chapter. The author provides excellent references for further study. Appendices delve into details concerning mathematical underpinnings and networking details. The book is divided into four main parts: cryptography, access control, protocols, and software. The cryptography section introduces fascinating historical vignettes, then explores details of modern block and stream ciphers. The author includes an excellent chapter on cryptanalysis. He provides specific examples, using mathematics and Boolean logic. The access control section explains issues of policy and implementation, regarding authentication and authorization. The protocols section discusses specific mechanisms for secure exchange of confidential information. The final section describes management of software flaws and related security issues.

A+++. Best security book ever. Covers almost all security related topics. I had to buy 3 different books to study security and still didn't understand so many protocols, etc. This single book covers it all in a very simple and easy to understand language. Its a must have for anybody wanting to study security for the first time or for expert-security users wanting to brush up their knowledge.