Computer Security: Principles and Practice

William Stallings, Lawrie Brown (2007)
Review date: April, 2011

Summarizing this book is quite meaningless, as it covers pretty much every aspect of computer security to some extent. It consists of 24 chapters organized into six larger themes:

  1. Computer security technology and principles, chapters 2-10
  2. Software security, chapters 11-12
  3. Management issues, chapters 13-18
  4. Cryptographic algorithms, chapters 19-20
  5. Internet security, chapters 21-22
  6. Operating system security, chapters 23-24

As we can make out from the list above, the first half can be thought of as a broad introduction, while the second is devoted to more specific topics.


Well, textbooks do have their own style, and it's not always the most captivating for the reader. Being as broad as this book is, it contains lots of great material, as well as parts the average reader may not find terribly interesting. Which parts fall into which category depends on your background, preferences, and reason for reading the book in the first place. For me the distribution was as follows:

The first part didn't feel very exciting at first. Lots of terms are defined here, and I didn't find all of them interesting. For example, we are given explanations of terms such as disruption, incapacitation, corruption, or usurpation (actually, this is only a part of a larger list). Definitions are important, but when reading them I wondered: Is this important if my system has been hacked?

Once through all of that, that part gets quite OK. In my opinion, the two weakest chapters in the first part were chapters 5 and 10. The first of these two was on database security, and while the topic itself is interesting, the contents of the chapter felt remote from what I encounter in my reality. Trusted systems and multilevel security wasn't my favorite chapter either. Parts of it felt too difficult, other parts felt boring.

While at it... I can't say that part three was to my liking either. I'm aware that its contents are very important (the section is about management issues), but important doesn't always imply fun to read, especially if you don't have the need for this particular information at the moment.

Part four, being on encryption and naturally containing some math, is quite difficult. You encounter some number theory and other more theoretical topics required whenever encryption comes into play. Still, this book is far better at theory than this, for example.

So, good or not? Textbooks are always special, in my opinion. They must cover a lot of ground, while they are not required to be particularly amusing or easy to read. This book falls into this category. It provides an excellent introduction to the field, but there are parts of it that you don't have to read if you don't really have to. All in all, I think that you should have this book in your bookshelf, but that it should stand in the reference literature section.

Who should read this book

Those looking for a broad introduction to computer security will definitely find it here. A textbook, which I think is the intro book on computer security.

