on 27 May 2009
This has to be one of the most interesting, absorbing books I have read in a long time. Bruce Schneier, undoubtedly the world's leading expert on the subject, presents this remarkable collection of essays on computer security. The book divides the collection of essays into 12 chapters on topics ranging from national security policy and privacy to economics and psychology.
It is refreshing to see a commonsense perspective on technological and security matters. Schneier sets the scene right from the start in an introduction to say 'all security involves trade-offs'. The theme, summarising the entire book as it were, cuts across the various domains covered by the essays and in fact presents a very practical guiding principle for security researchers and practitioners.
Chapter 8 on the economics of security is my favourite. It covers an exciting intersection that has emerged between the two disciplines, economics and information security, one which explains why economic motivation is important if security is to improve. Chapter 5 on identity cards and chapter 9 on the psychology of security are other chapters that I enjoyed reading the most.
The author's writing style is captivating. Every essay is succinct, mostly focussing on a problem and bringing out the often subtle issues immediately. The author manages to express complex ideas in simple words and draws clear conclusions at the end of every essay.
For those teaching the subject, this book is full of interesting case studies and discussions to be shared amongst students. I would recommend bringing in such insightful perspectives into the curriculum so the professionals of tomorrow can learn from the mistakes of the past.
Think of this book as a form of Schneier's vast experience and intelligence distilled into little chunks of wisdom each conveying the message simply one by one. This is priceless.
on 5 November 2009
If it succeeds in no other way than to make you think, then this book fulfils its task. Given that we live in paranoid times when it comes to security, this book strips away so much of the rubbish that is touted by so-called experts and ill-informed politicians.
The author rants on a bit like an IT version of Michael Moore, but nevertheless makes valid points when examining security in the light of reason and logic. I work in IT and welcome a questioning attitude - this book certainly helps you to question accepted methods of security.
The only minor criticism is that the chronology of the articles reproduced in the book jumps around a bit. However, this is a great volume to dip in and out of and is well worth a read.
on 11 June 2013
Very interesting and thought-provoking book... and a good place to start for anyone wanting to be a "security expert". Get the philosophy right BEFORE discussing how to achieve national, physical, personal or cyber security.
Well written and engaging style. Book is essentially drawn from a series of blog posts written by the author over his many years of security (book is organized by topic, rather than date written).
Note the cyber security chapters are well worth reading - though this is just a high-level introduction to this very complex topic.
on 15 September 2011
Although Bruce Schneier is (perhaps) better known for his work in cryptography and computer security, his expertise is far more extensive and this collection of articles and essays demonstrates why he is considered one of the world's foremost security experts. All of the writings in this compilation exemplify his customary brevity, trademark clarity, and peerless familiarity with a wide range of security matters and it is a must-read for anyone with an interest in society's relationship with its own security.
Moreover, despite covering so much ground and such diverse topics as airport screening and voting machines, it is difficult to quibble with anything Schneier writes: replete with pragmatism and insight, every essay articulates succinctly (and usually in less than a thousand words) what many of us feel intuitively about the constant battle for the feeling (the illusion?) of security. Of course, the fact that all of the material deals with similar issues and that the essays have been arranged by topic means that the "overlap" (p.vii) is extensive and there is a feeling of repetitiveness throughout: nonetheless, some of this work is so important that it should be required reading! Worthy of special mention are: Who Owns Your Computer (p.161 - 163), Cyberwar (p.218 - 220), and Computer and Information Security (p.227 - 230). More than any others, these three influential essays capture the essence of the ongoing privacy debate.
In summary, this is a superb introduction to security and how decisions designed to enhance our security often (usually!) curtail our liberty - as Schneier points out, "security is a trade-off" (p.vii), but any trade is better evaluated with a clear head and an informed opinion: that's what this book offers. You can find much (but not all) of this material online, but the collection provides a wonderful body of knowledge and a superb resource that deserves a wider audience than it will likely attract.
on 5 April 2015
What a good read. The book is written in high-level language, making it an easy read; while the book does not dive into technical details on IT security, the broad look at security in general is refreshing. The book manages to make you pause and evaluate your own views on security.
The pragmatic analysis of conventional security is brilliant; if only most security analysts applied the same logic, we would all be more secure. The book is well written and an enjoyable read.
on 10 October 2009
An excellent book.
A series of essays from his monthly newsletters, this collection is a first-class resource for advice about security concerns expressed from time to time. It is true that the 'security mind' takes a very different world view to most mortals and, for this reason alone, it is worth buying this illuminating book.