The latest volume in the MIT Press Essential Knowledge Series is Cybsecurity, by Duane C. Wilson. The book is being released on September 14, 2021, but it is available for pre-order now. In keeping with the series’ goal of offering accessible, concise pocket-sized books on topics of current interest, Cybersecurity offers a useful rundown of definitions and explanations about cybersecurity for the everyday user. It covers subjects such as cryptography and public key infrastructure, malware, blockchain and more.
At 160 pages, the book is very easy to digest. A glossary adds to its value for the general reader. Wilson is highly skilled at explaining advanced concepts in easy-to-understand language. In this, he is doing a great service to the fields of information technology, business and government—as it seems today that everyone needs to be a cybersecurity practitioner at some level. In our day-to-day lives, we are routinely asked to make decisions about our data privacy, for example. This book describes how the underlying mechanisms of data privacy work, along with many other relevant areas of knowledge.
The book contains a helpful overall discussion of the origins of cybersecurity, a discipline that predates the digital age. Protecting information has been a goal of the military and industry for centuries, with a variety of ingenious techniques developed along the way to defend against nosy adversaries. The computer has served as a vast accelerator of these practices.
Wilson then covers subjects such as cryptography, an area of technology where most of us (including myself) think we know more about it than we actually do. He gives the reader a straight explanation of the common approaches to encryption. He also delves into the layers of cybersecurity, establishing for the reader that security is not a single solution, but rather an orchestration of many different technologies and policies.
One interesting aspect of the book relates to Wilson’s assertion that there are six “pillars” of cybersecurity. Traditional “infosec” would have you think there are just three: confidentiality, integrity, and availability. Wilson adds authentication, authorization, and non-repudiation, which refers to validating the source of information. Experts might disagree, but it’s a valid point, in my view. You cannot really have confidence in data integrity, for instance, if you cannot authenticate system users.
This book is highly relevant today, as it seems that every object in modern life is now connected to the internet. As Wilson points out, all of this connectivity creates risk exposure. Convenient as it may be, for example, to have a smart phone, the device makes our data more vulnerable to theft.