|Cybersecurity: A Self-Teaching Introduction|
Author: C. P. Gupta and K. K. Goyal
This book sets out to explain the concepts of cybersecurity and cybercrime in a way that's easy to follow and understand and so the reader can teach themselves. Given the complexity of cybersecurity, that's a big ask.
The authors start with an introduction to the concepts of systems, information systems, threats and risk to set the scene for the rest of the book. I felt it would be a good introduction for a student who needed a formal description, but some of the information seemed curiously old fashioned - are transaction processing systems and management information systems, as defined back in the 60s and 70s, that relevant to cybersecurity?
Chapter 2 looks at application layer security with definitions of security technologies such as firewalls and VPNs, and what is meant by a denial of service attack, trojan, trapdoor and so on.
Chapter 3 moves on to how to develop a secure information system. The authors describe the stages of developing an application in terms of threat modelling, risk assessments and mitigation, and provide definitions of what the terms mean rather than practical advice on how to go about assessing a risk, for example.
Next, the authors turn to information security policies, standards and cyber law. The fact that this chapter has a section on cyber laws in India without similar sections on cyber laws in the USA, EU, or other regions increased the feeling that the book started life as lecture notes for a regional course on cybersecurity. To be fair, there is coverage of ISO standards. There's an interesting section on semiconductor law, though I'm not sure how central this is to cybersecurity.
The final chapter looks at the security of emerging technology, specifically big data analytics, the Internet of Things, the smart grid, and security of SCADA control systems and wireless sensor networks.
Overall, this is a useful book if you want short descriptions of the terminology around computer security and cyber threats. I felt frustrated that the authors seemed to stop in each chapter just as they were getting beyond the generalities and basics, but given this is supposed to be a self-teaching instruction, perhaps that's reasonable.
Don't read this book to become a cybersecurity expert, or even to learn about new threats and how to counter them. Do read it if you want to have a general grasp of the territory.
|Last Updated ( Tuesday, 02 February 2021 )|