Foundations of Information Security

Foundations of Information Security

A Straightforward Introduction
by Jason Andress
October 2019, 248 pp.

Look Inside!

Foundations of Information SecurityFoundationInfoSecPG71FoundationInfoSecPG135FoundationInfoSecPG175

Download Chapter 3: Authorization and Access Controls

“This book is an excellent starting point for future security professionals but also network and system administrators.”
Help Net Security


A high-level survey of the information security field by best-selling author Jason Andress. The book covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.

Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.

You’ll also learn the basics of topics like:

  • Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process
  • The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates
  • The laws and regulations that protect systems and data
  • Anti-malware tools, firewalls, and intrusion detection systems
  • Vulnerabilities such as buffer overflows and race conditions

A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.

Author Bio 

Dr. Jason Andress is a seasoned security professional, security researcher, and technophile. He has been writing on security topics for over a decade, covering data security, network security, hardware security, penetration testing, and digital forensics, among others.

Table of contents 


Chapter 1: What is Information Security?
Chapter 2: Indentification and Authentication
Chapter 3: Authorization and Access Control
Chapter 4: Auditing and Accountability
Chapter 5: Cryptography
Chapter 6: Compliance, Laws, and Regulations
Chapter 7: Operations Security
Chapter 8: Human Element Security
Chapter 9: Physical Security
Chapter 10: Network Security
Chapter 11: Operating System Security
Chapter 12: Mobile, Embedded, and Internet of Things Security
Chapter 13: Application Security
Chapter 14: Assessing Security


View the detailed Table of Contents
View the Index


“This book is an excellent starting point for future security professionals but also network and system administrators.”
—Help Net Security

"A thorough overview for many different areas within security. The author explains what and more importantly why, then illustrates each concept with concrete, realistic examples. Definitely a great addition to any security engineer's library, but also less technical people who want to learn more about common topics like defense in depth."
—Seth Foley

"If you’re new to info security or are looking to refresh your knowledge, then this is an ideal book. It’s easy to read and makes the information fun to consume."
—HaXez, Blogger and YouTuber


View the latest errata.