Dalpiaz et al. set out to address both students and practitioners with this book.

Chapter 2 starts with a very high-level overview of computer and information security. The basic requirements--confidentiality, integrity, and availability--and composite requirements--authenticity, reliability, and accountability--are covered in a few paragraphs each. A few pages are dedicated to risk analysis and one section looks at security mechanisms. For an introductory chapter, it is acceptable, but one might argue that security mechanisms should be introduced only at a later stage.

Chapters 3 and 4 describe a modeling language for socio-technical security related to a European Union (EU) project (http://www.sts-tool.eu). This chapter goes into depth on how to model systems and is a good resource for students who use this methodology and tool for class assignments.

Building on these models, the security requirements engineer can then run some automated tests to check the model and to discover conflicts. Based on these checks (chapter 5), the authors describe a security method (chapter 6); in chapters 7 and 8, they show readers how to use it in case studies. The final 18 pages of the book briefly describe other approaches that could be used.

The book is well written and useful if you plan to use the methods and the tool developed in the EU project. For a general textbook on the subject, broader coverage of alternative methods and how, for instance, the unified modeling language (UML) might be used for the case studies would have been good.