Wednesday, April 23, 2014

Currently Reading: Schneier on Security

A book that I am currently reading is Schneier on Security (2008) by Bruce Schneier.

I would hope that most security professionals out there are familiar with Bruce.  He has written several books and numerous articles.  His blog, Schneier on Security, is well known, as is his monthly e-newsletter Crypto-Gram (go to his blog to read and subscribe).

For myself, I've read many of his materials and seldom disagree with his views.  Mainly, where I think he may not have all the info, I disagree with his conclusions.  Frankly, I find that too many other security experts of his caliber are sadly a bit stuck in their ways and their views are too off.

Schneier is known for actually criticizing many of the so-called "security" measures put into place for really failing to make us more secure.  He called this "security theater".  So while some so-called experts push for new IDs or more surveillance, Schneier points out that all this stuff doesn't do what it claims, and may, in fact, make us less secure.  You have to wonder what the real reason is that some people push these methods.

Schneier on Security is a collection of essays written between 2002 and 2008 that have appeared in various magazines, newspapers, websites and Crypto-Gram.  A few he updated at the time of the publication of the book (2008), and all cite the original publication.  Sadly, being over 5 years old, some of the statements are now a little dated, but if you overlook that, there are many interesting items here.

The book is organized into a dozen chapters:
  1. Terrorism and Security
  2. National Security Policy
  3. Airline Travel
  4. Privacy and Surveillance
  5. ID Cards and Security
  6. Election Security
  7. Security and Disasters
  8. Economics of Security
  9. Psychology of Security
  10. Business of Security
  11. Cybercrime and Cyberwar
  12. Computer and Information Security

Because each essay is fairly short (2-3 pages max), and most are just gathered into each chapter by common topic, you can jump around and read what sparks your interest.  In fact, that's what I have been doing.

As some of the topics go beyond just the technical information security that many of us in the infosec world focus on, I think it's good that we have a better understanding of security outside of IT, as well as of how what we do affects other areas.

So check it out.  And if you like what you see, check out his other works as well.  His latest book, Carry On, is actually a "sequel" to this work, collecting articles from 2008-2013.  I don't have it yet, but plan on getting it soon.

<updated 5/1/2014>
