Schneier on Security

Each and every one of us makes security decisions every day, sometimes even without thinking about it. Should i buy items with my credit card or is doing so too risky? Should i park in the underground parking slot or is it safe enough to park on a side-street next to the building? How often should i brush my teeth? These are some of the many security decisions we make every day.

But how often do we stop to think: are we making ‘good’ security decisions or ‘poor’ ones?

Are our decisions based on fear, uncertainty, and doubt, or are our decisions based on real information and a repeatable decision-making process?…

Searching kids and grandmas actually improves airport security, but arming pilots makes us all less secure; shopping with a credit card is just as secure as using it over the phone or by mail. These, and the dozens of other surprising insights in this book, will help you develop a keen sense of what today’s most talked-about security measures can and cannot do.

Security is not mysterious, Bruce Schneier tells us, and contrary to popular belief, it is not hard. What is hard is separating the hype from what really matters. You already make security choices every day, from what side of the street you walk on to whether you park your car under a streetlight. You do it naturally. This book guides you, step by step, through the process of making all your security choices just as natural…

It seems like a good deal: the sign says that if the cashier fails to give a receipt you get your purchase free. Who knows? Maybe you track your expenses or you need the receipt for a reimbursement. Plus, it never hurts to have a shot at something free.

Actually, Bruce Schneier writes, the offer is a clever security maneuver. The store’s owner wants to make sure the cashier rings up sales, and generating a receipt for the customer also creates an internal register receipt. The offer enlists the customer as a security agent—not receiving a receipt means the customer will ask for reimbursement and the manager or owner will be notified that the cashier did not ring up the sale…

The subtitle, “Thinking about security in an uncertain world”, describes this book accurately. Schneier is a security consultant, offering a five-step approach to assess the merits of measures proposed to meet a perceived threat.

His main theme is the threat from terrorism, exemplified by the attacks in the USA on September 11th, 2001, but he also discusses (for example) how householders can protect against intruders, travelers can best guard their possessions or users defend against credit card fraud…

When one becomes more than an expert in an area, he or she generally begins to take a philosophical and abstract view of the subject and gains an ability to explain the essence of the subject in simplistic layman terms. That, in short, would describe Bruce Schneier’s book Beyond Fear.

It’s a question many of us need to ask ourselves. Are we really at risk? Or are we just afraid? Schneier provides us with hundreds of small examples repeatedly emphasizing the need to take another look at our reactions to the recent global security threats. Coming from an expert in security, and cryptologist, the book attempts to wash away the possibility of taking a standard approach to managing security. He dispels the notion that security is only for experts and convincingly proves that anyone can understand security…

Security is a tax on the honest. Schneier, in his book’s last chapter, fittingly titled Security Demystified, explains that in a world of honorable and law abiding citizens our lives would be a lot simpler. Unfortunately, this is not the case: during our life we are constantly facing dangers and risks and often have to evaluate complex tradeoffs that involve the safety of ourselves and the people we love.

For thousands of years the planning of security was conducted by specialists working on isolated domains like defense, banking, or civil aviation. Security decisions, good or (often) bad, were not publicized and the general public was kept in the dark regarding important security tradeoffs and weaknesses. Advances in information and networking technology have resulted in immensely increased requirements for secure applications and associated algorithms and protocols to conduct e-commerce, store private data, and communicate on the open internet. As a result, a new generation of security researchers started working in an open environment of scientific discourse and exchange, publishing their results in the open literature and communicating across previously isolated domain boundaries. These efforts have made information security an important element of computer science with a systematized body of knowledge and accepted practices. Bruce Schneier, a respected member of the information security community, in his book …