Spotlight customer reviews:
Customer Rating:      Summary: Funny Comment: I never thought I'd find a security book that made me laugh. Both amusing and informative, I had a hard time putting this one down.
Customer Rating:      Summary: Very Good, and Not as Muddled as One has Claimed Comment: This book is very informative, interesting, and entertaining. I've recommended it to people both within and outside the CS and IT communities w/o reservation.
Rather than reiterating things said in the many positive reviews, I'd like to take issue with one reviewer who says Schneier misuses the term "threat." In particular, this reviewer says "A threat is a party with the capabilities and intentions to exploit a vulnerability in an asset." This definition is both counter to standard English usage and counter to standard usage within the computer security field. Every book on my shelf has roughly the same definition of threat: "Threat: a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability" -- Stallings, Network Security Essentials, p. 5. So a threat is a condition or event, not a party. The reviewer seems to confuse threat with potential adversary.
Schneier's terminology is the standard terminology, and he uses it correctly.
Customer Rating:      Summary: Security or Liberty? Both! Comment: I first read about Bruce Schneier in an eye-opening article by Charles Mann in the September, 2002 issue of The Atlantic Monthly. It seems that you don't have to make the false choice everyone is agonizing over between security and liberty. You can have both.
Schneier's book expands on the ideas in the article. Although Schneier is a technology fan and it is his livelihood, he realizes that sometimes a live security guard can provide better security than cutting-edge (but still fallible) face-recognition scanners, for instance. He explains why national ID cards are not a good idea, and how iris-scanners can be fooled.
These are ideas for security on a large scale, for airports, nuclear and other power plants, and government websites. For security on an individual or small business scale, try Art of the Steal by Frank Abagnale. But even if you don't run a government, Beyond Fear is a fascinating read about how your government is making choices (and how they SHOULD be making choices) about your security and about your rights.
Customer Rating:      Summary: Puts things into perspective Comment: The title of the book refers to the steps to take after fear is sensed. To move beyond fear is to understand it, how it affects you and why, and what you can do about it. And that is what the book addresses - what things do we need to secure, from our personal interests, to national interests.
Schneier addresses this in the framework of five questions to ask about security. Although the process seems crude, it does touch the heart of the security issue - what are we trying to protect, why, and what happens if we don't protect it?
I particularly like his idea of brittle versus flexible security. When a brittle security system fails, your asset is screwed. A (poor) example would be burying your money in your back yard. If this is compromised (someone finds it), then you lose all your money, and that's the end of it. Compare this to a banking account. If someone robs the bank, or fraudulently takes your money, the bank is obliged to get you your money back. (So maybe you should bury your bank account number and password in your back yard!)
Although much of the discussion is on the level of national security, he also has gems of wisdom like suggesting that you leave the bathroom light on while you're away to deter burglars. And he points out your identity is more likely to be stolen from your discarded papers than from someone stealing your info on the internet.
I really appreciate the last part of the book where he lists the most-likely causes of death among Americans. What I got from that was not that I should avoid international airports, or dig a fallout shelter, but simply that I should make sure that I and my family are securely buckled up when we drive. Now that's putting 9/11 into perspective.
Customer Rating:      Summary: May be applicable, in general - beyond "digital systems" Comment: You know, folks, I've a hunch that this book might be applicable, in regards to the "bureaucratically dreamt of", "news-agency talked about", "popularly assumed-of", however "real" phenomenon, particularly: "Homeland security".
I'll admit, I have not yet read Schneier's work, this one. (As I recall, another technician mentioned Schneier; a stop-by at a web-site followed; then, wound up adding this to "my little? wish list")
I figure, I know "a sure thing", when I see it, expressed in written form.
Schneier is a trustworthy author.
So, while I have not yet read it, yet this book - Schneier's - gets "the 5-all-good mark-of-confidence, permanent and for-real real," even in terms of forward, reasoned anticipation, about the applicability of Schneier's expressions, in regards to: digital-systems work, and "general security".
Concluded: It's a book, wholly worth your time.