Citation count: 4
Held by universities

斯坦福大学

哥伦比亚大学

普林斯顿大学

康奈尔大学

Securing Systems —— Applied Security Architecture and Threat Models

----- Securing Systems: Applied Security Architecture and Threat Models (Chinese title: 安全系统:应用安全架构和威胁模型)

ISBN: 9781482233971 Year of publication: 2015 Pages: 416 Schoenfield, Brook S E CRC Press

Summary

Internet attacks on computer systems are pervasive. It can take from less than a minute to as much as eight hours for an unprotected machine connected to the Internet to be completely compromised. It is the information security architect's job to prevent attacks by securing computer systems. This book describes both the process and the practice of as

Amazon reviews
Karl

When I read the reviews, I thought, wow, what a great book. After I received the book and looked through it, I knew it was one of those moments when you feel so badly fooled and screwed. Honestly, the book isn't worth the paper it's written on. I couldn't get over the fact that it was so weak and corny. I mean, the writer didn't even make an effort to draw some nice diagrams; it looks like he flogged a few pictures of some poorly scanned images. I mean, how hard is it for an architect to draw a proper Visio picture or even a PowerPoint picture? All that aside, the content is just another massive letdown. You buy a technology book and you get a couple of chapters of introduction about someone's life and some history. Mate, books aren't meant to just count pages. If you want to write a book about a topic, you should at least introduce something new or of substance, not just some useless text that you've collected here and there. I've been in cyber security for 25 years and as an architect for more than 10 years, and this book is nowhere near an introductory cyber security book. This was just $180 gone down the drain for me, but if I were you and reading these comments, I'd save my money for something better. You're much better off going through the free Microsoft Azure security architecture patterns or Google security designs. Such a freakin' waste of money!! Such a disappointment!

Trent Knuckles

I was assigned this book for an information systems security graduate-level course, and it is easily the worst yet that has been used in this degree path. The author has an aggravating tendency to pose questions in the early parts of chapters, then absolutely does not provide direct, straightforward answers to them. It's almost like he set out to be as circumspect and cryptic as possible in order to confuse potential students, or really anyone trying to learn the material. Also, I feel like he spends a good deal of time stroking his own ego in the text rather than trying to impart useful information. Add to these criticisms that the book is written and designed in an exceedingly boring manner. Can't wait to plod through it and move on!

Robert Hurlbut

This is a solid entry in the list of "must read books" for software security architecture and threat modeling. Brook Schoenfield's writing is clear and concise; it is always a pleasure for me to read his writing. For a great introduction to Brook's writing, also read his chapter "Applying the SDL Framework to the Real World" in Core Software Security: Security at the Source, another highly recommended book. In this book, Brook helps you understand aspects of security architecture and introduces his recommendations for running a security assessment. It is the security assessment part (i.e. threat modeling) that drew me to the book and for which the book shines. Brook talks about applying the threat modeling pedagogy ATASM, which stands for Architecture, Threats, Attack Surfaces, Mitigations. Using these tools, a software or security architect is able to decompose the system (understand the architecture), enumerate the threats, expose what attack surfaces are present in the architecture, and finally determine the best ways to mitigate the threats and attack surfaces with sufficient security controls. Brook gives several examples of applying ATASM to sample systems such as an eCommerce website, a mobile security system, a cloud-based Software as a Service (SaaS) system, and several others. I thoroughly enjoyed this book and I have been recommending it to all my clients in my own threat modeling practice.

Matt Parsons

I felt like I was having a riveting conversation with Brook. His book is one of the best and most exciting software security books I have ever read. Brook is a great guy and knows his security architecture. Awesome book, five stars!!!

MichaeL

I was assigned this book for a graduate-level course in cybersecurity. The author starts off by describing this book as being aimed at entry-level practitioners but immediately goes into technical jargon that demands a certain level of acumen prior to being able to fully handle the material. He does clarify that you're expected to have some degree of competency going in but never delineates what that would be. Chapters 1 & 2 are not terrible. Chapter 3 seems to ramble and really lacks a salient point. I should also mention that Ch. 3 is 50 pages. I'll put it like this: there is likely some good information in this book, but it really needed to be edited and organized in a better way. The concepts are scattered and rambling. It's unclear what my learning objectives for any chapter or section are, as the point is immediately lost in some high-level discussion about examples that are never explained. I believe that either this book is more for the intermediate practitioner or he needs someone with technical writing skills to cut this thing up and put it back together in something that is more accessible for the stated target audience.

Matthew Nicklin

This book was required reading for a graduate-level course. Historically, I have been pleased with books from CRC Press. I don't want to beat the author up, but seriously, this book could be reduced by 75%. I get so lost in the constant repetition of information and the barrage of acronyms that seem to pop out of thin air. When I write material for an auditor, I will typically write out the acronym and then place the acronym immediately after in parentheses. This informs the reader that from this point forward this acronym will be used.
