Just Finished Reading: Beyond Fear – Thinking Sensibly About Security in an Uncertain World by Bruce Schneier.
I picked this up because I was impressed by another book of his on IT Network Security (which is something I have a passing interest in).
Schneier expands his expertise in the area of IT Security to cover most – if not all – security problems we face today, especially, of course, that of fighting terrorism. It seemed to me that this book was written in response to the knee-jerk reactions around the world to the events of 9/11. Schneier makes the point several times (actually he does have a tendency to repeat himself to drive an issue home) that if you want any security measure to be effective you have to think calmly and rationally about things. You cannot have a system which will do the things you want it to if you base your requirement on unreasonable fears.
Schneier also makes the very valid point (again several times) that you cannot prevent attacks no matter what you do. The only thing you can do is be as ready as possible when the attack happens and have procedures in place to mitigate any nasty results. But no matter what you do unexpected things will still occur. Security is a fluid environment so thinking that you have ‘solved’ a security problem is a sure way to invite failure.
Finally Schneier states very clearly that any security measure involves trade-offs. Some of these trade-offs might be worth it – whilst some might not. Of course some people are willing to trade more for security than others. It’s really up to the people involved to find levels of trade-offs that they’re comfortable with.
Whilst rather dry overall, this book is well worth a read for anyone concerned about security issues in today’s post-9/11 environment. Aimed primarily (I think) at the US market, it can be read by anyone who wants to look at security – both on a small and large scale – in a reasonable manner rather than an emotional one. All in all not a bad read.