“A masterful guide to the interplay between cybersecurity and its societal, economic, and political impacts, equipping students with the critical thinking needed to navigate and influence security for our digital world.” —JOSIAH DYKSTRA, Trail of Bits
“A comprehensive, multidisciplinary introduction to the technology and policy of cybersecurity. Start here if you are looking for an entry point to cyber.” —BRUCE SCHNEIER, author of A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend Them Back
The first-ever introduction to the full range of cybersecurity challenges
Cybersecurity is crucial for preserving freedom in a connected world. Securing customer and business data, preventing election interference and the spread of disinformation, and understanding the vulnerabilities of key infrastructural systems are just a few of the areas in which cybersecurity professionals are indispensable. This textbook provides a comprehensive, student-oriented introduction to this capacious, interdisciplinary subject.
Cybersecurity in Context covers both the policy and practical dimensions of the field. Beginning with an introduction to cybersecurity and its major challenges, it proceeds to discuss the key technologies which have brought cybersecurity to the fore, its theoretical and methodological frameworks and the legal and enforcement dimensions of the subject. The result is a cutting-edge guide to all key aspects of one of this century’s most important fields.
Cybersecurity in Context is ideal for students in introductory cybersecurity classes, and for IT professionals looking to ground themselves in this essential field.
As 2025 slowly comes to a close, many companies still believe that information security is solely about a firewall. It’s these firms that often suffer the consequences of data breaches, ransomware attacks, and other similar incidents. Information security is often defined as the combination of people, processes, and technology. In truth, it is much more than that. In Cybersecurity in Context: Technology, Policy, and Law (Wiley), authors Chris Jay Hoofnagle and Golden G. Richard III have written a pragmatic text that demonstrates the depth and breadth of what it takes to implement information security effectively. When I note that it is a pragmatic text, an example is that the authors ask how well the intelligence community's (IC) threat model has aged. IC refers to a group of federal bodies, military and executive agencies, that develop forecasts and assessments in support of national security and foreign policy. They argue that the IC threat model barely aligns with the needs of consumer and business Internet users. Most users lack the necessary resources or commitment to take proper precautions, such as encrypting emails or using a VPN. And thus, operators of the public internet can surveil both the traffic data and, in some cases, the contents of users' activities. The book is designed as an introductory reference for information security. At 500 pages, the book offers a comprehensive overview of the core areas of information security. Chris Jay Hoofnagle is a lawyer and professor of law at the University of California, Berkeley, while Golden Richard is a professor of computer science at Louisiana State University. The two combine to create a very readable and informative guide. They are able to balance theory and real-world scenarios, making this a truly enjoyable read.
As Hoofnagle is a lawyer, and law is a significant driving force for information security, he provides interesting insights into how to create systems that are both secure and compliant with relevant laws and regulations. Throughout the book, the notion of information security as a holistic system, rather than just relying on firewalls and other hardware, is emphasized. That ensures the reader emerges with a clear understanding of what it truly takes to design and deploy secure systems and networks. Many security vendors say that their products can be deployed quickly and easily. For those who believe the hype, they are often left with numerous security products, but little actual information security. The authors effectively illustrate the challenges of information security. While security software and hardware tools can indeed be deployed quickly, deploying them effectively in a large enterprise is not a trivial endeavor. There are very serious challenges in doing information security correctly, which the authors highlight. The authors devote considerable time to the people element of security, which is often overlooked. They write of the tensions involved in corporate security between management and the security teams. And not every one of these conflicts ends happily. Bruce Schneier has often noted that information security is a tradeoff. The authors show this in detail, where both sides are usually correct. Business then needs to make a decision, which is, more often than not, a binary one, on how to proceed. Information security in 2025 is a broad and multifaceted topic. Those looking for a single text that covers everything in depth and breadth would have to expect a book in excess of 2,000 pages. Some of those do exist, but only with scores of authors. While Cybersecurity in Context excels in breadth, it's obviously not going to be a single reference. As the book has only two authors, they have combined to write a well-integrated and readable book.
Those all-in-one books, with scores of authors, often suffer from redundancy between authors and a lack of a single systematic approach. Cybersecurity in Context does not suffer from that. The authors have combined to write a clear, lucid, and extremely practical introduction to information security. The book effectively combines an adequate amount of real-world stories and references to other works, making for a highly readable account of what can be a very dry topic.