I was tasked with building an online course in Cyber security for a major online university, and was assigned the book, "Cyber Security and Global Information Assurance," edited by K.J. Knapp, as the primary textbook for the course.
Knowing that most online students would be in the "continuing education" category, I was hoping that this book would assist those who have some real-world experience into more advanced topics. Unfortunately, the book is highly theoretical and written by academics for academics.
Take chapter 1, for example. In the research of Black Markets for cyber vulnerabilities, the authors selected twelve (12) sites for their study, and based their conclusions on findings from those 12 sites. Never mind that there are literally thousands of hacker, black-market, and torrent sites out there making personal information, exploits and mal-ware available. Because of this tiny data sample, the authors then "hypothesized" and "assumed" their facts and conclusions.
If I were trying to impress a university professor with my scholarship, I would certainly want to include formulae, charts, graphs, and use $100 words, making my thesis appear PhD-ish. This book accomplishes that goal. As an IT systems administrator, however, understanding the sources and theories of cyber exploits is great, but having the actual solutions is better. This book is great on the former, and weak on the latter. "Identify attack paths and block them," is great high-level advice, but there is no "how" or "with what" advice anywhere in that chapter.
It was also clearly evident that many of the contributing authors are not native English speakers, and Mr. Knapp allowed their improper sentence structures and poor grammar to pass through to the final product. Chapter 2, for example, takes the form of a "student's notes" approach to writing. Here's just one out of hundreds of examples: "Amman et al. (2002) shows how assumption of monotonocity helps to address scalability problem of attack graph." [p. 25] Very little proofreading for punctuation was done, either. I don't think Mr. Knapp wanted to offend any of his authors by actually correcting their English; however, that oversight made the book much harder to read than necessary.
Overall, I found the book informative, but I was less impressed with its actual usefulness for system administrators, and was frustrated by the lack of editing.