
Foundations of Information Security
A Straightforward Introduction
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
- Authors: Jason Andress
- Published: 2019
- Publisher: No Starch Press
- Pages: 248
- Language: English
Read this if
Anyone new to the field who wants the entire territory mapped on a single shelf, in a single short book. Andress offers the cleanest tour of CIA, IAM, network, software, operations, and crypto for newcomers.
Skip this if
Anyone who already works in the field. The book is broad and shallow by design; specialists will find every chapter familiar.
Key takeaways
- Covers every major domain of security at survey-level depth, which is exactly what a beginner needs to choose a specialization.
- The operations security chapter is unusually strong for an intro book; most authors skip it because it's unsexy, but Andress doesn't.
- Pairs naturally with one or two deep-dive books per topic from this catalog; treat it as the master index.
Notes
Best read in one or two weekends, not stretched out. Follow with How Cybersecurity Really Works (Grubb) if you're coming from a non-engineering background, or jump to Security Engineering (Anderson) once you're ready for depth. The book's brevity is its strength; do not buy a thicker introductory book.
What to read before
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 2019
The Pragmatic Programmer
Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.
Beginner · 2020
Alice and Bob Learn Application Security
Tanya Janca's hands-on AppSec primer covering threat modeling, secure design, secure coding, testing, deployment, and the social side of running an AppSec program — through a friendly, narrative-driven structure.
What to read next
Intermediate · 2022
Cybersécurité
Solange Ghernaouti's broad academic survey of cybersecurity — risk analysis, governance, technical and legal dimensions — the standard French university reference, now in its 7th edition.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Advanced · 2013
Sécurité informatique
A principles-first treatment of information security for DSI, RSSI and sysadmins — architecture, cryptography, network defence and security policy — from two veteran French practitioners.
Explore similar books
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Intermediate · 2022
Cybersécurité
Solange Ghernaouti's broad academic survey of cybersecurity — risk analysis, governance, technical and legal dimensions — the standard French university reference, now in its 7th edition.
Advanced · 2013
Sécurité informatique
A principles-first treatment of information security for DSI, RSSI and sysadmins — architecture, cryptography, network defence and security policy — from two veteran French practitioners.