Security Engineering — Third Edition

I'm writing a third edition of Security Engineering, and hope to have it finished in early 2020 so it can be in bookstores by Academic Year 2020-1.

With both the first edition in 2001 and the second edition in 2008, I put six chapters online for free at once, then added the others four years after publication. For the third edition, I've negotiated an agreement with the publisher to put the chapters online for review as I write them. So the book will come out by instalments, like Dickens' novels. Once the manuscript's finished and goes to press, all except seven sample chapters will disappear for a commercial period of 42 months. I'm afraid the publishers insist on that. But thereafter the whole book will be free online forever.

Here are the chapters I've put online for review so far:

If you see anything wrong or missing, or you think some aspect of any chapter topic isn't covered adequately, please email me at Ross dot Anderson at cl dot cam dot ac dot uk.

This new approach was inspired by the collaborative authorship model pioneered by my late friend and colleague David MacKay for his great books on sustainable energy and coding theory.

I made a video for the launch, which you can watch here. For comments, see our blog here, Bruce Schneier's blog here and El Pais here.


The Second Edition (2008)



Download for free here:

Endorsements:

‘There is an extraordinary textbook written by Ross Anderson, professor of computer security at University of Cambridge. It’s called Security Engineering, and despite being more than 1,000 pages long, it’s one of the most readable pop-science slogs of the decade.’
Ben Goldacre

‘I'm incredibly impressed that one person could produce such a thorough coverage. Moreover, you make the stuff easy and enjoyable to read. I find it just as entertaining — and far more useful — than novels (and my normal science fiction). When I first got it in the mail, I said to myself "I'm never going to read all of that." But once I started reading I just kept going and going. Fantastic: well done. Now, let's hope that all those in charge of security for information technology will also read the book and heed the lessons.’
Don Norman

‘The book that you MUST READ RIGHT NOW is the second edition of Ross Anderson's Security Engineering book. Ross did a complete pass on his classic tome and somehow made it even better...’
Gary McGraw

‘It's beautiful. This is the best book on the topic there is’
Bruce Schneier

Errata and supplementary materials: Here are the errata for the second edition, and here's a page of notes and links concerning relevant topics that I've come across since publication.

If you're a college professor thinking of using my book in class, note that we use my book in three courses at Cambridge:

I hope you find these useful. You're welcome to use and adapt any of my slides if you wish under this Creative Commons license. Also, if you're an instructor at an accredited institution, you can request an evaluation copy via Wiley's website.

The first edition (2001)

You can also download all of the first edition for free:

The foreword, preface and other front matter

  1. What is Security Engineering?
  2. Protocols
  3. Passwords
  4. Access Control
  5. Cryptography
  6. Distributed Systems
  7. Multilevel Security
  8. Multilateral Security
  9. Banking and Bookkeeping
  10. Monitoring Systems
  11. Nuclear Command and Control
  12. Security Printing and Seals
  13. Biometrics
  14. Physical Tamper Resistance
  15. Emission Security
  16. Electronic and Information Warfare
  17. Telecom System Security
  18. Network Attack and Defense
  19. Protecting E-Commerce Systems
  20. Copyright and Privacy Protection
  21. E-Policy
  22. Management Issues
  23. System Evaluation and Assurance
  24. Conclusions
  25. Bibliography

Finally, here's a single pdf of the whole book. It's 17Mb, but a number of people asked me for it.

My goal in making the first edition freely available five years after publication was twofold. First, I wanted to reach the widest possible audience, especially among poor students. Second, I am a pragmatic libertarian on free culture and free software issues; I think that many publishers (especially of music and software) are too defensive of copyright. (My colleague David MacKay found that putting his book on coding theory online actually helped its sales. Book publishers are getting the message faster than the music or software folks.) I expect to put the whole second edition online too in a few years.

If you own the first edition of my book, I hope you liked it enough to upgrade to the second edition. I also have online errata for the first edition here.

Following enquiries from blind students, Jose C. Lacal has contributed these MP3 files of the first edition: preface, chapter 1, chapter 2, chapter 3, chapter 4, chapter 6, and chapter 7.

Where to buy the second edition

There are reviews of the first edition, which was translated into Japanese, Chinese and Polish.

