Review of the Book Beyond Fear

  • Erik Tews
  • IACR Book Reviews
  • March 11, 2010

1. Summary of the review

Bruce Schneier's Beyond Fear is a book about security in general. In contrast to many other books, Schneier explains how security works in the most general case, starting from protecting your diary of your sister to protecting the nation from global terrorism. Schneier's book does not focus on cryptography or network security, instead it uses examples of systems everyone is expected to be familiar with. Such examples include home burglar systems, airport security or hotel room security.

2. Summary of the book

Bruce Schneier's Beyond Fear is about security (in an uncertain world). The book is divided into three major chapters:

Part I: Sensible Security

Schneier explains that almost every security measure requires tradeoffs. These trade-offs might be worse useability of a system, additional costs or a decrease of security in another place. For example making emergency information maps of public buildings public might make it easier for terrorists to attack the building. On the other hand, this lack of information might cause big problems when a fire breaks out. These trade-offs are also viewed differently by different players. It might be easy for a government and the automobile industry to pass a law which makes the use of seat belts in cars mandatory as it requires no extra money to be spend. However, a car driver might find it inconvenient to use these belts and would rather prefer better airbags and breaks in all cars.

Part II: How Security Works

Schneier shows some common design patterns how security can be improved and describes how security can be evaluated in a structured way. He introduces a common scheme which can be used to evaluate a security solution. First, one needs to find out which assets need to be protected and what the risks to these assets are. In the next step, the solution is evaluated how well it mitigates those risks. In the final steps, one needs to check if the solution causes additional risks and which trade-offs are required. After having gone through this evaluation, one can decide if the solution is worth the additional trade-offs and risks. Schneier also describes common patterns how security systems are build and which pitfalls are common.

Part III: The Game of Security

In the last chapter, Schneier explains that there are sometimes multiple players in the game of security. For example the government might be interested in preventing attacks on all airplanes starting or landing from the national airports. Airlines are interested in security too, as long as it helps the airline to earn more money. Too strict security checks costs additional money for the extra workers to perform these checks, and could upset passengers, if they are not allowed to take electronic devices or liquids on board.

3. What is the book like?

The book is a very well structured introduction into security in general. The book does not require any previous knowledge or uses formal methods. The book is not intended to be a school or reference book. Instead, the book also entertains the reader and encourages him thinking rational about security threads and security solutions.

4. Would you recommend this book?

From my point of view, the book is recommended to everybody who starts working in the security business. It also targets everybody, who would like to learn more about the background of various big security projects like a national ID card or security checks at airports. It may be also interesting for people who already work in the business or look for an interesting book in general. The book provides no technical details of security systems or recommendation for vendors of security system. Therefore it is not recommended to readers who need technical details about any kind of security systems.

Categories: Beyond Fear, Book Reviews, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.