High-level overview of the information security field. Covers key concepts like confidentiality, integrity, and availability, then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.
In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.
Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.
You'll also learn the basics of topics such as:
• Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process
• The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates
• The laws and regulations that protect systems and data
• Anti-malware tools, firewalls, and intrusion detection systems
• Vulnerabilities such as buffer overflows and race conditions
A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.
This was a textbook for an information security class, and we read a lot—but not all—of it. It’s not as dry or hard to understand as it looks. The explanations were mostly understandable to a beginner, so take heart if this has been assigned to you—it’s not agony to read!
I work for a cybersecurity company, in a non-cybersecurity role.
This book was a great intro into a lot of the terms that are used daily in my environment, and gave me a much better understanding of a lot of the concerns that we deal with. It explained them in a very understandable way, and gave enough suggestions for external resources that I could choose to dive deeper into the sections that interested me more.
Not really a book for those who are already experts, but great for people just entering into security.
The title warns the reader about the intents of the book: a shallow but pretty wide coverage of the infosec field. Do not expect hands-on training here because you will not find anything more technical than tool recommendations and a good bibliography. However, the book will leave you with a nice overview of the threats your IT infrastructure may face and of the steps to take to secure it.
This is a good introduction to a very broad field. This book covers an enormous amount of ground in only four hundred or so pages, but when dealing with such a broad field, it understandably focuses on high level discussion.
Like probably most of the readers of this book, I’ve picked it up for a course. It’s well referenced and has plenty of pointers for further reading. It would have been nice to see some of the case studies expanded upon further, but as a high level introduction to the field, it works rather well.
Interesting book, touches a broad set of topics (as a trade-off, it remains at the surface). But it also touches things like HIPAA, PCI-DSS and friends.
This book is a good introduction to information security. It covers many topics (cryptography, network security, human factors, regulations, etc.) in a clear, concise style. Each chapter deals with a specific topic, presenting the potential threats and the possible ways to mitigate them. There is a brief recap at the end of each chapter and a dozen questions (although I did not find any answers, even at the end of the book; maybe on an accompanying website?). What I did not really like, but it is just a matter of personal taste and it has nothing to do with the author's writing, is that information security as presented in the book seems a bit boring. There is a lot of monitoring, surveys, audits, writing reports, etc. involved. I wish it had been more technical; a book about ethical hacking, pen-testing or malware analysis would have appealed more to me, I think. Information security seems intended for admins rather than nerds.
This is an extremely broad and shallow overview of infosec, but one that may be invaluable for someone that is currently learning or just needs a refresher for basic concepts.
I would advise perhaps giving it a read before and after certification tests etc to recognize and fill knowledge gaps. It could also serve as a nice reference for someone that is in IT but not a security role so that they can better grasp relevant concepts.
Very informative book about the basics of security. It doesn't go too deep into topics, but it gives you a general idea about them; it also introduces you to several tools that you can play with. If you are an experienced hacker this book may not be for you, or maybe it is, if you want to be sure you know the basics.
I like the way this book is structured as a general introduction to the field of information security. It gives a brief overview of the main concepts of IT security, the tools and practices, but don't expect it to be a step-by-step, in-depth guide to a certain domain, because it only scratches the surface of the fields within it.
I have been listening to Security Now for years and also Darknet Diaries, so nothing earth-shatteringly new here (at least for me), but it was nice to have it all in one place. There were a few little tidbits that I picked up that I had somehow missed.
A recommended read for everyone interested in computer-related security. The book will not contain any technology-specific advice, but it will provide the reader with everything they have to know in order to properly research the topic further.
This is a must-read book for individuals who are interested in the cyber security field. As a newbie, this provides a solid foundation on the technological concepts.
A decent but unengaging overview of the fundamentals of information security (infosec). Each chapter ends with a summary and exercises. It's intended for those new to the infosec field. It covers a range of topics, including cryptography, operations security, the human element, physical security, network security, mobile security, Internet of Things security, and how to assess security.
I read this to learn more about information security.
Notes

What is Information Security?
"Although you may never get to a state that you can definitively call 'secure,' you can take steps in the right direction."

Identification and Authentication
Authentication factors: something you know, something you are, something you have, something you do, and where you are.

Operations Security
OPSEC (operations security): process used to protect your information. It involves not only putting security measures in place, but also identifying specifically what you need to protect, and what to protect it against.

Laws of Operations Security
• "First Law: Know the Threats." "If you don't know the threat, how do you know what to protect?"
• "Second Law: Know What to Protect." "If you don't know what to protect, how do you know you are protecting it?" Identify your critical info.
• "Third Law: Protect the Information." "If you are not protecting [the information], … THE DRAGON WINS!" If you don't protect your information from the dragon (adversaries or competitors), they win by default.

Human Element Security
Types of intelligence
• Human intelligence (HUMINT): data gathered by observing and talking to people.
• Open source intelligence (OSINT): data gathered from publicly available sources (social media, public records, search engines, metadata, etc.).
• Geospatial intelligence (GEOINT): geographical data, typically from satellites.
• Measurement and signature intelligence (MASINT): measurement and signature data from sensors (optical readers, weather readers, radar, etc.).
• Signals intelligence (SIGINT): data gathered by intercepting signals between people or systems. Called communications intelligence (COMINT) for communications between people and electronic intelligence (ELINT) for communications between systems.
• Technical intelligence (TECHINT): data about equipment, technology, and weapons, often collected to develop countermeasures.
• Financial intelligence (FININT): data about the financial activity of companies and individuals, often acquired from financial institutions.
• Cyber intelligence/digital network intelligence (CYBINT/DNINT): data gathered from computer systems and networks.

Mobile, Embedded, and Internet of Things Security
When you first configure an Internet of Things (IoT) device, change the administrative password.
Update the firmware of IoT devices to patch holes.
Great textbook as a very first intro to information security. If you don't know much about infosec, this is a great first read to get introduced. This was used in my fundamentals of infosec class.