Cyber Canon Book Review: Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time

Cyber Canon Book Review: “Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time,” 2018, by O. Sami Saydjari

Book Reviewed by: Ben Rothke

Bottom Line: I recommend this book for the Cybersecurity Canon Hall of Fame.



Imagine a 100-story building designed with a few clicks and plug-ins, with no oversight and no safety review, being built in an unregulated industrial zone. Imagine, too, that neither the designers nor the builders had any significant expertise in their respective fields. Most people would never step into the building due to safety concerns. Companies would never entertain the ludicrous notion of moving their employees into such a building.

Yet when it comes to IT systems, many of which are mission critical and operate within critical infrastructure, they are routinely built without any information security or privacy review. The ease with which insecure systems, networks and applications can be built, often under the radar of IT, is a cause for concern.

In “Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time,” author O. Sami Saydjari has written a fantastic guide on how to design highly secure systems that can ensure the effective security and privacy of personal information. 

New Yorkers know the radio station 1010 WINS tagline: “You give us 22 minutes, we’ll give you the world.” It’s no exaggeration to claim that one could create a significantly sized, cloud-based IT infrastructure in AWS in 22 minutes. It’s also no exaggeration to claim that such an infrastructure would be seriously lacking in security and privacy controls. That is where “Engineering Trustworthy Systems” comes into play as a fantastic guide on how to design highly secure systems.

The first guide to really detail how to do that was Ross Anderson’s classic reference, “Security Engineering: A Guide to Building Dependable Distributed Systems.” Since it was written in 2001 and updated in 2008, the world of information security has changed and transformed radically. “Engineering Trustworthy Systems” fills in a lot of those gaps. Somewhat surprisingly, Saydjari doesn’t reference Anderson’s book.

Engineering Trustworthy Systems is quite valuable for a wide range of readers: from those looking to get a detailed understanding of information security to those looking to use it as a college text for a multi-semester course.

An interesting observation Saydjari makes at the beginning is that those designing secure systems must approach cybersecurity design as an immune system, not as a single white blood cell. Too many security administrators think a border firewall and a DMZ are enough to secure their infrastructure. Anyone using such an approach will be sorely disappointed. Breaches are likely in a matter of hours. 

Saydjari packs a huge amount of material into this nearly 500-page work. The 25 chapters are written in a procedural manner. They walk the reader through the core areas of information security and cover all of the fundamentals. He also makes able use of charts and diagrams to provide a detailed understanding of the topic at hand.

The message the book conveys is that information security requires a rigorous and disciplined approach via formal engineering methods. Getting that large IT infrastructure up and running in AWS is the easy part. Ensuring it is engineered securely, and stays secure, is an entirely different matter. The book takes this orderly, holistic approach to the topic, and guides the reader through the various layers of information security that need to be built into systems. 

What one gets from reading this book is the breadth of details that encompass a secure system. For too many people, it’s about firewalls, Active Directory GPO or AWS security policies. Since attackers take a very broad approach, those creating a defensible network must take a similarly broad approach. Saydjari details the importance of not just security in depth but also security in breadth.

The book emphasizes that the trustworthiness of a system is so essential that it must be designed into systems from the very beginning. Lack of such an approach is what has led to many systematic security failures and huge data breaches. 

Another theme of the book is risk quantification. An effective CISO must possess data and communication skills to explain risks to the board. The best guide to do that is “Measuring and Managing Information Risk: A FAIR Approach” by Dr. Jack Freund and Jack Jones. While Saydjari doesn’t quote from the book, he does provide methods on how one can communicate those ideas to senior management, a surefire technique for a corporate board to gain confidence in the information security team. 

For those looking to understand both the importance of designing information security into systems and a detailed method by which to do that, “Engineering Trustworthy Systems” will be a most welcome and invaluable reference.


We modeled the Cybersecurity Canon after the Baseball Hall of Fame and the Rock & Roll Hall of Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number. Please write a review and nominate your favorite.

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
