Foundations of Information Security
A Straightforward Introduction
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
- Authors: Jason Andress
- Published: 2019
- Publisher: No Starch Press
- Pages: 248
- Language: English
Read this if
Anyone new to the field who wants the entire territory mapped on a single shelf, in a single short book. Andress offers the cleanest tour of CIA, IAM, network, software, operations, and crypto for newcomers.
Skip this if
Anyone who already works in the field. The book is broad and shallow by design; specialists will find every chapter familiar.
Key takeaways
- Covers every major domain of security at survey-level depth, which is exactly what a beginner needs to choose a specialization.
- The operations security chapter is unusually strong for an intro book; most authors skip it because it's unsexy, but Andress doesn't.
- Pairs naturally with one or two deep-dive books per topic from this catalog; treat it as the master index.
Notes
Best read in one or two weekends, not stretched out. Follow with How Cybersecurity Really Works (Grubb) if you're moving in from non-engineering, or jump to Security Engineering (Anderson) once you're ready for depth. The book's brevity is its strength; do not buy a thicker introductory book.
What to read before
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 2019
The Pragmatic Programmer
Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.
Beginner · 2020
Alice and Bob Learn Application Security
Tanya Janca's hands-on AppSec primer covering threat modeling, secure design, secure coding, testing, deployment, and the social side of running an AppSec program — through a friendly, narrative-driven structure.
What to read next
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
Intermediate · 2012
Practical Malware Analysis
Still the gold standard textbook for static and dynamic malware analysis on Windows.
Explore similar books
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 2019
The Pragmatic Programmer
Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.
Beginner · 2025
Linux Basics for Hackers
OccupyTheWeb's introduction to Linux from the angle that hackers and pentesters actually need it: shells, networking, scripting, and Kali tooling.