Secrets and Lies Book Is Encyclopedic

  • Stan Gibson
  • eWeek
  • September 18, 2000

Do you need to know about security? Of course. But first, you have to accept that it’s impossible to know everything. Then you have to decide how much you need to know.

Understanding the limits of computer and network security and the limits of knowledge about those topics is one of the main purposes of Bruce Schneier’s book “Secrets and Lies: Digital Security in a Networked World,” published by John Wiley & Sons Inc.

Although Schneier’s style is lively and spiced with unusual vocabulary (try looking up “banausic” and “flagitious” in your Funk and Wagnalls), no one is going to pick up this book for the sake of a good read. They want the information contained therein.

At 400 pages, “Secrets and Lies” is far more than an executive summary, yet it hardly goes into the depth that is possible and that will be needed by some readers on certain topics. The best way to understand this book is as a single-volume encyclopedia. Everything is covered in at least some detail. Those who want to dig deeper on a given topic can head to the library.

Some things, almost everyone with a cursory familiarity with computers will know. For example, everyone knows what cookies are. And sometimes Schneier’s attempts to be rudimentary can be painful. Consider the lead sentence under the heading “How Networks Work”: “Computer networks are bunches of computers connected to each other.” But giving Schneier his due, such sentences are soon followed by more rewarding depth.

The book is at its best when it gets down to specifics about what to do, and these recommendations are near the end, when the author describes threat modeling and risk assessment. His advice is to rely on security processes, rather than technology, to keep your data secure, and he offers a good, practical guide to establishing a countermeasures strategy.

After offering the reader a minicourse in security, almost paradoxically, the author says that IT managers don’t have the expertise to provide maximum security for their companies but should call on outside specialists. Even then, he advises, keep looking over your shoulder and be ready for the worst. But, all in all, as a broad and readable security guide, “Secrets and Lies” should be near the top of the IT required-reading list.
