Beyond Fear: Thinking Sensibly About Security in an Uncertain World. by Bruce Schneier
|
List Price: Our Price: $13.13 You Save: $11.87 (47%) Availability: Usually ships in 1-2 business days Buy Used: from $7.60 (click here) Category: Book See more book details and other editions |
|---|
Book Reviews of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.
Book Review: Great read
Summary: 4 Stars
Nutshell review - A great read. Entertaining and informative. So well written and very useful at the same time. Book Review: Useful tool for executives
Summary: 4 Stars
I was pretty excited to read Bruce Schneier's Beyond Fear, I have enjoyed hearning him speak and like his blog. I will say that the book could have said what it says with a lot less pages, possibly even an essay. However, there are lots of great stories and a fantastic word picture called "Security Theater". His illustration is that after 9/11 no one knew what to do to combat air terrorism, so they gave the appearance of action by doing things like confiscating nail files. Oh do I agree that much of what we see is security theater!
Bruce has a five step process he tries to illustrate, especially in the second half of the book:
* What assets are you trying to protect?
* What are the risks to these assets? ( I think threats is a more correct word than risks )
* How well does the security solution mitigate those risks?
* What other risks does the security solution cause?
* What trade-offs does the security solution require?
This is a nice implementation of threat vector analysis and he tells great stories. I am not sure the book teaches that much, but it might be a valuable awareness tool for executives.
Book Review: Security fundamentals - well written
Summary: 5 Stars
Beyond Fear is a well-written book on the fundamental concepts and applications of security theory. In the first chapter, he proposes a sequence of five questions that should be asked about any suggested security system.
1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security solution mitigate the risks?
4. What other risks does the security solution cause?
5. What costs and trade-offs does the security solution impose?
He spends the rest of the book discussing various aspects of security, and talking about various implementations of security both historical and modern. He finished writing this book in 2003, so there are many references to the 9-11 incidents and the security activities implemented because of them.
Book Review: Reading it improves the reader security intelligence
Summary: 5 Stars
The content of this book slightly overlap the content of the author previous book Secrets and Lies: Digital Security in a Networked World but presents the material with a different angle. An angle with the perspective of a security expert that witness security measures taken by governments in reaction of the 9/11 terrorism attack and wants people to understand the absurdity of some of these measures.
It is not technical at all and does not necessitate any particular background to understand and enjoy. The author explains clearly how to make a risk assessment of something that you want to make more secure and then evaluate the cost of the security measures. Only when you have that data, you can evaluate if the added security is worth it.
These explanations are backed up with concrete examples such as evaluating the risk to make purchase with a credit card over the internet. Other examples include the absurdity of securing a lunch in a company refrigerator because the potential loss if having a lunch stolen does not justify securing it. The author also explains that even with technologies that looks very accurate such as facial recognition with an error rate of, let's say, 0.0001 % are totally ineffective when they have to control a huge number of persons like a stadium crowd because even with this accuracy, they would create an unmanageable amount of false positive alerts.
The author also elaborate about why you should question the motivation of a security provider when it is a third party and link this with how people fears can be exploited to introduce invasive, excessively expensive and inefficient security measures. I think that the goal of the author was to make people more critics about security questions and my opinion is that his goal has been successfully achieved.
Book Review: Sensible security for an unsensible world
Summary: 5 Stars
Most people think that they think rationally about security decisions.
Most don't even know when they're making security decisions.
Fewer know what those decisions really entail.
Only Bruce Schneier knows how to make those decisions sensibly, and he's passing that information along to the world.