Welcome!

Cloud Security Authors: Elizabeth White, Liz McMillan, Pat Romanski, Zakia Bouachraoui, Yeshim Deniz

Related Topics: Cloud Security

Cloud Security: Book Review

Book Review: Security in Computing (5th Edition)

Covers all the security topics you need to know about to work successfully in a decent size enterprise

This book is a beast!!! It is 100% textbook, with a lot of exercises at the end of the chapters. If your class uses this book, get ready for a fire hose of information. It covers a ton of topics and covers them in depth.

Although it is a text book the authors do there best to keep it interesting. I really enjoyed the sidebars that include true stories of security breaches. I really like the ones that find out what the criminal was thinking. Some of the reasons for doing what they do are nuts.

One of the biggest problems with security I see today is the security teams oftentimes don't know what to secure, or how to secure stuff when they do. This book starts out with a really nice introduction to what computer security is. The author discusses Values of Assets, the Vulnerability–Threat–Control Paradigm, Confidentiality, Integrity, Availability, Types of Threats, Types of Attackers, Risk and Common Sense, Method–Opportunity–Motive, Vulnerabilities, and Controls. By the time you are done this chapter you have a high level few of today's security issues.

1. Introduction
2. Toolbox: Authentication, Access Control, and Cryptography
3. Programs and Programming
4. The Web—User Side
5. Operating Systems
6. Networks
7. Databases
8. Cloud Computing
9. Privacy
10. Management and Incidents
11. Legal Issues and Ethics
12. Details of Cryptography
13. Emerging Topics

I was glad to see information on regulations, compliance, and laws. They can wreak havoc on an organization's productivity when left to an unqualified security team. I usually find that IT organizations that have locked down everything from the Internet to your USBs, have no concept of how to implement security in a managed and efficient way.

Years ago I was the lead research and development on a contract with the state. They allowed no internet except for 2 PCs that all 250 people on the project had to use. 90% of the time they were tied up with people checking their personal email. That was the days before smart phones. I would have to go home, research stuff, download it and burn it to CD, and take it in to work. I understand the thoughts behind natural immunity, but separating yourself from the world you are trying to successfully build software for, leads to software that doesn't meet the needs of that world.

More recently I was tasked with building a mobile application. The company had a guest wireless connection in place, but it was so locked down we couldn't use it. We needed to get data plans for the phones to test the applications. They also had emails with attachments reviewed by help desk personnel that would then release them. They basically are operating like the state project I mentioned above. Yet every security audit is failed.

This book does a great job of covering all the security topics you need to know about to work successfully in a decent size enterprise. The detail and depth of each topic amazed me.

A highlight of this book is that after the detailed introduction at the beginning of the book, each chapter contains topics you can read in isolation, while at the same time they are logically tied together.

Another highlight is that the book contains both timeless information and current information doing a really good job of tying the history of a topic to the current state of a topic. For example, the chapter on Cloud computing contains basic information on SaaS, PaaS, and IaaS, as well as sidebars on current research happening today that isn't quite ready for release to the world.

Over all I highly recommend this book not only students that need it for a course, but to everyone that has any interest in learning more about the world of security. For the amount of information and the clarity of its delivery, this book is absolutely worth the price.

Security in Computing (5th Edition)

Security in Computing (5th Edition)

More Stories By Tad Anderson

Tad Anderson has been doing Software Architecture for 18 years and Enterprise Architecture for the past few.

IoT & Smart Cities Stories
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
The Founder of NostaLab and a member of the Google Health Advisory Board, John is a unique combination of strategic thinker, marketer and entrepreneur. His career was built on the "science of advertising" combining strategy, creativity and marketing for industry-leading results. Combined with his ability to communicate complicated scientific concepts in a way that consumers and scientists alike can appreciate, John is a sought-after speaker for conferences on the forefront of healthcare science,...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
DXWorldEXPO LLC announced today that Ed Featherston has been named the "Tech Chair" of "FinTechEXPO - New York Blockchain Event" of CloudEXPO's 10-Year Anniversary Event which will take place on November 12-13, 2018 in New York City. CloudEXPO | DXWorldEXPO New York will present keynotes, general sessions, and more than 20 blockchain sessions by leading FinTech experts.
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Ben Perlmutter, a Sales Engineer with IBM Cloudant, demonstrated techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user e...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science" is responsible for guiding the technology strategy within Hitachi Vantara for IoT and Analytics. Bill brings a balanced business-technology approach that focuses on business outcomes to drive data, analytics and technology decisions that underpin an organization's digital transformation strategy.