Recommended Reading: Getting Smart About Information Security

p. R2

Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc., has spent much of his career educating people about digital security.

His book, "Secrets and Lies: Digital Security in a Networked World," serves as a non-technical introduction to the full, messy complexity of digital security.

Most recently, Mr. Schneier wrote "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." This book about security technology, computer and otherwise, is geared toward the intelligent layman: anyone from a security engineer to a concerned citizen. "Thinking about security means thinking differently," he says, and he believes people who read the book will never look at security the same way again.

Mr. Schneier also takes a regular look at the full spectrum of security issues in his free monthly newsletter, Crypto-Gram. "I find myself spending a lot of time explaining the news, or taking security news stories and pointing out the general lessons," he says.

Here are some of his other suggestions for the best resources for getting up to speed on digital security:

--Beckey Bright

"Security Engineering: A Guide to Building Dependable Distributed Systems" By Ross Anderson
"This is an interesting and highly readable book about secure systems design. Mr. Anderson uses many examples, some having nothing to do with computers, to illustrate how to design things properly and the myriad ways security can fail if you don't."

Risks Digest, Moderated by Peter Neumann
"For 20 years Peter Neumann has been moderating this Internet forum on computer-related risks. If it has gone wrong and it involves computers, it's been talked about here. In 1994, much of the interesting stuff from the forum was published in a book called 'Computer-Related Risks.'"

"The Digital Person: Technology And Privacy In The Information Age" By Daniel Solove
"Solove is a law professor, and one of the few that truly understands the intersection of security law and technology. This book is a fascinating journey into the almost surreal ways personal information is hoarded, used, and abused in the digital age."

"The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet" By David Kahn
"The title says it all. This huge book is a fascinating look at cryptography from the beginning of writing to today. Although primarily pre-digital, an absolute must any information security library."

"Information Warfare & Security," By Dorothy E. Denning
"Denning has been writing about security for decades. This is a good introduction to both information warfare and information crime, and includes examples from the First Gulf War."

"Know Your Enemy: Learning About Security Threats" By the Honeynet Project
"You can't understand security unless you understand the threat. The Honeynet Project collects data on computer hackers and criminals, including their techniques, their tools, their successes and their failures. They also have a bunch of great research papers online at"

"Firewalls and Internet Security 2nd Edition" By William R. Cheswick, Steven M. Bellovin and Aviel D. Rubin
"This updated volume, published in 2003, is a bit dated, but it's still the best introduction to UNIX security out there." (The entire text of the first edition is available online at:

"Hacking Exposed: Network Security Secrets and Solutions," By Stuart McClure, Joel Scambray, and George Kurtz
"This is computer security from the point of view of the attacker. It's real technical, but real good. And if you like it, there's a plethora of other 'Hacking Exposed' titles available."

"Building Secure Software: How to Avoid Security Problems the Right Way" By John Viega and Gary McGraw
"Security is much easier, and cheaper, to build in from the beginning than to add it on afterwards. This book explains how to do that with software. Although it's a bit techie at times, this book is for anyone involved in software design, from managers to programmers."
