Books: Schneier's 'Beyond Fear;' O'Reilly's 'Network Security;' Global Whistleblowing
June 8, 2004
Here are some recently released top-quality books:
Beyond Fear: Thinking Sensibly About Security In An Uncertain World, by Bruce Schneier. Schneier continues proving himself a leading thinker on security issues, in part because he continues to evolve from an expert who first approached security as a techno-centrist to one who now sees security as a process involving a broader set of factors, including power, agenda, bureaucracy and people. A goal of the latest book is to take the lessons that Schneier has learned in his computer security work and apply them to other security concerns, like protecting the nation from terrorist attacks, or protecting homes from burglars.
A theme of this latest book, Schneier's third in a series, is that "security" always involves "trade-offs." He outlines five steps for evaluating a security program's worth: (1) What assets are you trying to protect? (2) What are the risks to these assets? (3) How well does the security solutions mitigate the risks? (4) What other risks does the security solution cause? (5) What costs and trade-offs does the security solution impose? While acknowledging that these are very basic questions, the book gets interesting when he explains in detail what each one means, and, then applies them to a wide-ranging set of everyday examples.
Some of the themes are reflected in the Chapter titles: "Systems and How They Fail;" "Knowing the Attackers;" "Technology Creates Security Imbalances;" "Brittleness Makes For Bad Security;" "Security Revolves Around People"
"Good security has people in charge. People are resilient. People can improvise. People can be creative... When a security system succeeds in the face of a new or coordinated or devastating attack, it's usually due to the efforts of people." Schneier then gives the example of Diana Dean, the U.S. Customs Service agent in Port Angeles, Wash., who became suspicious of, and detained, Ahmed Ressam in 1999. The move helped prevent the planned Millennium bombing at Los Angeles Intl. Airport. $25 (www.copernicusbooks.com)
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc..