Cyber Shelf

// Comparison

Foundations of Information Security vs The Art of Deception: Which Should You Read?

Two cybersecurity books on Foundations, compared honestly: who each is for, what each does best, and which to read first.

Beginner
4/52019
Foundations of Information Security

A Straightforward Introduction

Jason Andress

Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.

Beginner
4/52002
The Art of Deception

Controlling the Human Element of Security

Kevin Mitnick, William L. Simon

Kevin Mitnick and William Simon's case-study collection of social-engineering attacks: PBX scams, helpdesk impersonation, dumpster-diving, the casual lies that sound true. The technology dates the book; the human side is timeless.

Read this if

Anyone new to the field who wants the entire territory mapped on a single shelf, in a single short book. Andress is the cleanest tour of CIA, IAM, network, software, operations, and crypto for newcomers.
Anyone in red team, awareness training, fraud, or insider-threat work who wants the best printed library of pretext archetypes. Mitnick's call scripts are still the gold standard for understanding how a competent social engineer establishes credibility in 30 seconds.

Skip this if

Anyone who already works in the field. The book is broad and shallow by design; specialists will find every chapter familiar.
Readers wanting current SE tradecraft on phishing, deepfakes, voice cloning, MFA fatigue, or modern OSINT-driven targeting. Treat the technical envelope as a museum piece; only the human core generalizes.

Key takeaways

  • Covers every major domain of security at survey-level depth, which is exactly what a beginner needs to choose a specialization.
  • The operations security chapter is unusually strong for an intro book; most authors skip it because it's unsexy, Andress doesn't.
  • Pairs naturally with one or two deep-dive books per topic from this catalog; treat it as the master index.
  • Most successful pretexts are not lies; they are partial truths weighted toward what the target already wants to do.
  • Helpdesks, third-party vendors, and after-hours staff are still the structural weak points the book identifies — twenty years later, with new technology stacks but the same failure modes.
  • Awareness training built around Mitnick's archetypes outperforms generic phishing-click-rate metrics; the book is the textbook for that approach.

How they compare

Foundations of Information Security and The Art of Deception are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Foundations of Information Security and The Art of Deception both cover Foundations, so reading them in sequence reinforces the same material from different angles.

Keep reading

Foundations of Information Security

Alternatives to Foundations of Information SecurityWhat to read after Foundations of Information Security

The Art of Deception

Alternatives to The Art of DeceptionWhat to read after The Art of Deception

Related topics

Foundations