
Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

Many of us, especially since 9/11, have become personally concerned about issues of security, and this is no surprise. Security is near the top of government and corporate agendas around the globe. Security-related stories appear on the front page every day. How well, though, do any of us truly understand what achieving real security involves?

In Beyond Fear, Bruce Schneier invites us to take a critical look at not just the threats to our security, but the ways in which we're encouraged to think about security by law enforcement agencies, businesses of all shapes and sizes, and our national governments and militaries. Schneier believes we all can and should be better security consumers, and that the trade-offs we make in the name of security - in terms of cash outlays, taxes, inconvenience, and diminished freedoms - should be part of an ongoing negotiation in our personal, professional, and civic lives, and the subject of an open and informed national discussion.

With a well-deserved reputation for original and sometimes iconoclastic thought, Schneier has a lot to say that is provocative, counter-intuitive, and just plain good sense. He explains in detail, for example, why we need to design security systems that don't just work well, but fail well, and why secrecy on the part of government often undermines security. He also believes, for instance, that national ID cards are an exceptionally bad idea: technically unsound, and even destructive of security. And, contrary to a lot of current nay-sayers, he thinks online shopping is fundamentally safe, and that many of the new airline security measures (though by no means all) are actually quite effective. A skeptic of much that's promised by highly touted technologies like biometrics, Schneier is also a refreshingly positive, problem-solving force in the often self-dramatizing and fear-mongering world of security pundits.

Schneier helps the reader to understand the issues at stake, and how to best come to one's own conclusions, including the vast infrastructure we already have in place, and the vaster systems--some useful, others useless or worse--that we're being asked to submit to and pay for.

Bruce Schneier is the author of seven books, including Applied Cryptography (which Wired called "the one book the National Security Agency wanted never to be published") and Secrets and Lies (described in Fortune as "startlingly lively... [a] jewel box of little surprises you can actually use."). He is also Founder and Chief Technology Officer of Counterpane Internet Security, Inc., and publishes Crypto-Gram, one of the most widely read newsletters in the field of online security.

304 pages, Hardcover

First published January 1, 2003


About the author

Bruce Schneier

50 books, 639 followers
Bruce Schneier is a renowned security technologist, called a “security guru” by the Economist. He has written more than one dozen books, including the New York Times bestseller Data and Goliath (2014) and Click Here to Kill Everybody (2018). He teaches at the Harvard Kennedy School and lives in Cambridge, Massachusetts.


Community Reviews

5 stars: 219 (31%)
4 stars: 304 (43%)
3 stars: 145 (20%)
2 stars: 30 (4%)
1 star: 6 (<1%)
1 review
August 10, 2007
I actually had to stop reading this book, because the author apparently didn't care to do the research. The first chapter has a bunch of tables and graphs, depicting data he decided to pull from all sorts of different sources, and without normalizing the data in any way, decided to mash all the data together and call it "research".

I'm not really a statistician/mathematician/numerologist/whatever, but I'm pretty sure you can't just pick pieces of data from various different sources, and call it homogeneous data.

Though the plus side is Schneier was at the Gartner conference where I got this book and he signed the inside cover.
Ben
2,737 reviews, 233 followers
March 7, 2023
TikTok As A Security Breach

In an increasingly digital world where cyberattacks and security breaches are becoming more common, this book is a must-read.

This book provides a comprehensive guide to understanding the complexities of security in the modern age, and how to stay safe online. Schneier's writing is clear and concise, and he provides practical advice on how to improve your personal security, both online and offline.

One of the things I appreciated most about this book was how Schneier encourages readers to think critically about the systems in place that are supposed to protect us.
He examines the flaws and limitations of various security measures and provides insight into what really works and what doesn't.

This is an eye-opening and informative book that will leave you with a lot to think about.
Whether you're a casual internet user or a security professional, there's something for everyone in this book. Highly recommended.

With the current prevalence of security threats such as spy balloons and TikTok, this book is more important than ever to read.

4.6/5
TΞΞL❍CK Mith!lesh
307 reviews, 197 followers
September 9, 2020
Overcoming personal anxieties is an integral element for any professional security officer. These crippling emotions are unnecessary, which is evident as Schneier exposes the flimsily irrational foundations that support a majority of society’s fears. The author offers psychological advice to counter any nervousness readers might have about the rapidly changing planet.
Niels
2 reviews, 1 follower
December 19, 2021
Overall an OK read. Had some nice aha moments. On the whole very repetitive and in dire need of citations.
Chris
624 reviews, 10 followers
November 11, 2017
Bruce Schneier coined the term "security theater" to describe restricting or modifying aspects of people's behavior or surroundings in very visible and highly specific ways to make it look like security is improved while actually not providing any measurable security benefits at all.

This book talks about security theater and about the ways to recognize it and about the ways to assess risk and the costs of various security measures. The author presents a 5 step process for analyzing and evaluating security and he applies it to all sorts of situations from home burglar alarms to commercial shoplifting to national security programs.

It's an interesting read, though somewhat dry and a bit dated, it points out how security means different things to different people at different times... what airplane security means to you is very different from what it means to the airline and what it means to the government are largely different and often these differences can be in opposition to each other. It talks about recognizing attackers and their motivations and what effects that has on the security that defenders need to have in place. How security systems can fail in various ways; how prevention, detection and response are necessary aspects of any security system.

All in all, it was interesting but I think that Gavin de Becker's "The Gift of Fear" is a better book with more useful insights.
84 reviews
September 19, 2018
The book is about security and can be a bit dull sometimes. The security is often theoretical and not practical.

The concepts Schneier is talking about are in bird's-eye perspective; they are timeless. The statistics might be incorrect or not, that is not what the book is about. He is trying to get you to understand security in a theoretical way and that we do often think wrong about security and are worried for no reasonable reason. Security is always about trade-offs but the trade-offs do not have to be so extreme as politics are saying. Freedom and security do not correlate and just because you give up your freedom does not mean that you are safe, you might be "safer", or not.

Filippo Gotta
7 reviews
March 19, 2024
The book was mind-opening about many aspects of the broad field of security. Considering it was written in 2003 it didn’t age too much and the fundamental concepts reported held till today. Not only does Schneier bring practical analysis of real attacker-defender situations and dynamics, but he also examines the mindset and philosophy that should be embraced when we talk about security.
Dennis Cahillane
115 reviews, 10 followers
September 3, 2017
Schneier gives a 10k foot overview of security in general, not just computers. His principles and clear thinking are timeless.
Stefano Mastella
271 reviews, 1 follower
June 5, 2020
A masterpiece! A book on security that everyone must read. Easy, insightful and absolutely illuminating!
133 reviews
July 9, 2024
I found his writing easy to understand, but not concise at all. I think his book could have been written in half the pages. The information was interesting and informative.
2 reviews
December 28, 2024
Security is explained in the most casual way without hassling with technical terminology
Marian
284 reviews, 218 followers
September 16, 2017
Though published fourteen years ago, Schneier's Beyond Fear is still a relevant read - if anything, more relevant than ever. In some detail, he describes what security really means and what factors must be evaluated when choosing and implementing security measures. This is not just a book for techies; it's written for a wide audience and covers security in all areas of life. He uses a number of historical anecdotes to illustrate his points, which I particularly liked.

However, despite my initial interest, I found it difficult to keep reading and almost didn't finish it. It was slow and felt at times redundant; it could have been much shorter and still covered the same material. Also, I know this book was written for general consumption, but some notes at the end or at least a bibliography would be helpful.
Michael Brady
253 reviews, 37 followers
April 2, 2012
From my review of Beyond Fear in Security Management magazine:

Bruce Schneier is perhaps the best example of why IT security professionals are "eating the lunch" of physical security managers in some corporations. He thinks creatively, he expresses himself logically, and he has cultivated the ear of people high on the corporate food chain. His latest book will be food for thought for security professionals.

Beyond Fear is organized into three sections: "Sensible Security," "How Security Works," and "The Game of Security." The first section introduces three of Schneier's core concepts: that all security involves trade-offs, that trade-offs are subjective, and that they depend on power and agenda.

The longest of the three sections, "How Security Works," covers well-known principles such as detection and response--the chapter on identification, authentication, and authorization alone is worth the price of the book--but it also introduces several thought-provoking concepts. These include "rarity-based failure" (when an event is so uncommon that when it happens people don't believe it's a security incident, assume it's a malfunction, or have never practiced responding to it) and "class breaks" (when attackers can exploit one newly discovered vulnerability to attack all systems of the same class).

Some security managers will chafe at "The Game of Security," in which Schneier makes bold pronouncements such as "Bad security is worse than no security." Physical security managers may also bristle at being told how to improve their physical security by Schneier, an IT security expert. But readers should stick with the section to the end. Even if they don't agree with Schneier, security managers will discover a bracing new way of looking at their field.

Although it has many of the components of a great book, readers will differ over whether it reaches that lofty level. Some of the examples Schneier uses seem to be mere anecdotes; it's impossible to tell because there are no footnotes. Also, while it is clear that Schneier knows the difference between safety and security, several examples he gives of system failure involve safety, not security issues.

In another case, Schneier discusses "security theater"--highly visible but hollow security efforts designed to mollify the average worker or citizen. While Schneier is understandably cynical in his view that security is often used as a smokescreen, what is missing from an otherwise excellent discussion is appropriate attention to the role played by the risk management and legal departments in contributing to security decisions. Less-than-ideal security decisions are made every day not for appearance's sake but to meet a threshold legal standard.

Whether the reader agrees with him or not, Schneier is always challenging and compelling. Many audiences would benefit from this book. Homeland security officials could stand to absorb Schneier's dictum that "Bad security is worse than no security." By understanding and puncturing the security mystique, clients who contract for security services could keep their providers honest. Nonsecurity executives would learn how difficult it is to provide good security. Finally, after reading this book, physical security professionals should stand a fighting chance of wrestling their lunch back from IT.
Steve Brady
8 reviews, 2 followers
December 29, 2011
My review, written and posted in the VICS Newsletter (VICS is the Voluntary Inter-Industry Commerce Solutions Association)

The bottom line: Bruce makes it clear that we should respond to real risks, and not perceived risks. Through this he challenges our responses to perceived risks, including our response post 9-11.

=====

Never has security seemed more important. We almost long for the hackers of yester-year that really just wanted to see where they could go, and at their most malicious, would wipe out hard drives. Today’s “hackers” are really cyber-terrorists, seeking to steal your profits, assume your identities (or those of your customers) and in some instances topple your infrastructure from within.

We are reminded daily of just how insecure our systems are. Bruce Schneier (rhymes with “liar”) is a global leader in security technology, having testified before Congress and been invited to speak at security conferences the world over. In his book, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, he tackles the dominant view of security, forcing the reader to challenge their own views on what makes for a more secure world. For instance, he reminds us that “Security concerns itself with intentional actions. This points to an important distinction: Protecting assets from unintentional actions is safety, not security.”

Think about this for a minute. As we face natural disasters that threaten disruptions to our supply chain, we are tempted to talk in terms of “supply chain security.” He argues that not only is that the wrong term, but it goes beyond semantics—we will tackle the wrong problem, and implement wrong solutions!

He then shifts to a discussion about the need to evaluate “risk” rather than simply threats.
“Risk management is about playing the odds. It's figuring out which attacks are worth worrying about and which ones can be ignored. It's spending more resources on the serious attacks and less on the frivolous ones. It's taking a finite security budget and making the best use of it. We do this by looking at the risks, not the threats.”

If there is any single message to take from this book, it is that we need to re-think our approaches to security, and risk assessment. This book is not only a clarion call for change, but a book that will cause you to think through your business with every page you read. Security isn’t just for the IT staff, or the “security guards.” It’s important for us all.

As Schneier writes, “Security is not about technology. It's about risks, and different ways to manage those risks. It's not a product; it's a process.”
Vagabond of Letters, DLitt
593 reviews, 409 followers
December 19, 2019
Five stars for a book that lays out five steps to think about and analyze any and all security systems, from street mugging to encryption, from home security to national security, in terms of what needs to be protected, how to protect it, who is trying to get at it, what's it worth, and what trade-offs or externalities the proposed security incurs. Also breaks down the human factor, disentangles identification from authentication from authorization, and breaks down the different prongs of security: defense (prevention), response, deterrence, audit/forensics.

The concepts in this book will be familiar to anyone acquainted with threat or risk analysis and the making of 'attack trees', which are a subset of 'who's trying to get at this' and 'how can they be stopped?'

Grounded in a thoroughly secular evolutionary worldview, from which innumerable illustrations are drawn, and working from a thoroughly atheistical anthropology which believes in the inherent goodness of human nature, the analysis is hampered from reaching the heights of truth and probing some of the deep things of security, but as a practical layman's introduction it is not hampered as much as it could be (as if it were, say, a text looking for the underlying cause of security failure, subornability, etc.), and does its job admirably.

****/ Four and one-half stars.
Scribe
195 reviews, 8 followers
January 29, 2015
Had this on the shelf for years, but never picked it up until recently as it's a pretty hefty book. A quick skim showed it was quite readable though - pages flick by quickly. Schneier sets out a logical approach to thinking about all the stuff which worries us, in an attempt to think "beyond fear", and turn defence into something we understand better.

The first couple of chapters and the last are the interesting bits, setting out a rough guide to thinking about risk, and ending with a more philosophical approach to what we can achieve at a societal level. The main chunk of the book is a crash course in security and risk - lots of quick running through all the different aspects of it, and sentence after sentence of quick-fire examples.

I didn't learn anything new, but that depends on what you already think about, I guess. Also, obviously dated by a lot of references to 9/11, but the approach to terrorism is still valid today. What I did learn was that you can be logical and rational about the world, rather than overly emotional and worried about it. Which is the point of the book, really.

Worth a look if you're really interested in defending yourself against threats. Probably 3.5 stars, but upping to 4 as it deserves it simply for comprehensiveness.
Kevin O'Brien
210 reviews, 14 followers
November 4, 2013
Bruce wrote this book in 2003 as a response to 9/11 and how it led to changes in security practices in the U.S. He criticizes many of the security measures taken as "security theater" that makes it look like something is being done without actually accomplishing anything useful. His criticisms probably are nothing terribly new to people in 2013 when many people have come to similar conclusions, but what I think is more important in this book is that he attempts to lay out a way of thinking about security that is rational. Security can never be 100% in a world of human beings, and security always entails trade-offs that make it a cost-benefit decision. As an example, you would never hire an armed guard to protect your empty bottles for getting the 10 cent deposit back. That just doesn't make sense. Bruce lays out a 5 point analysis you can do with any security plan that asks questions about what you are trying to protect, what are the costs of the protection, will the proposed solution actually work, etc. It is a good analysis and worth a read if you want to learn how to think intelligently about security.
18 reviews
April 6, 2008
Bruce Schneier is an author well worth knowing. I strongly recommend reading what he has posted on his website. (http://www.schneier.com/) It's fantastic stuff. However I found this book very disappointing, for quite a few different reasons. Three of them are:

1) The introduction is in the 2nd person. Thankfully it stopped, but it was extremely annoying. Seriously. Don't do that.
2) No footnotes. This results in some odd statements that I would have really liked to be able to verify. What's worse, though, is that it led to an often sloppy approach that the discipline of having to cite things would have gone a long way to correct.
3) You know the song "The Gambler"? How the central advice in the song ("You got to know when to hold 'em/Know when to fold 'em/Know when to walk away/Know when to run...") sounds good, but, when you stop and think about it, it kinda boils down to saying something like "You gotta be smarter," which, really, isn't useful at all? Well, this book is much better than that. But it did call "The Gambler" to mind.
292 reviews
December 20, 2013
Anyone concerned about security in this day and age should read this book by a security expert.

5-point system for assessing ANY security system, from home to national.

Interesting that we were actually at higher risk from a car accident when we went out to purchase duct tape at the recommendation of DHS than from a terrorist attack.

Explains why facial recognition systems and massive databases (too many false positives) and intensive checking of everything coming into the country (too expensive) aren't a solution to our security problems.

Uses examples from nature to illustrate some lessons about security.

It was far more fascinating than I expected.

He also confirmed what another security expert I heard testify on Beacon Hill after 9/11 said: that the massive collection of data is virtually useless and does not make us safer, while being a threat to independence and privacy. He believes that we are safer in free and open societies, because they prevent abuse of power. (I can imagine what he has to say about the NSA programs.)
18 reviews, 8 followers
January 20, 2012
I enjoy reading Schneier's books because he has the ability to write about complex and abstract issues and then bring them down into practice by giving easy to understand examples from real life scenarios and throwing in even a few jokes here and there to underline the absurdity of some security measures currently used.

Schneier's analytical view is systematic and inexhaustible and while reading the book I noticed how my own ideas and concepts about what security is and how one can achieve it ended up with countless number of "why-didn't-i-think-it-from-that-point-of-view"-holes.

As a student I enjoy reading security and safety related books that take a critical viewpoint on assumptions and truths people believe and have about security and safety. I also think that the five step system Schneier introduced will prove to be useful in my studies and provide a simple yet effective and comprehensive tool to use in addition to other risk analysis tools.
Joe
102 reviews, 4 followers
November 26, 2012
I'm familiar with most of the concepts and much of the writings of Bruce Schneier (at least on the security side; I don't claim to understand more than the barest outlines of cryptography). Even though the book was written in 2003, his central theme remains sound -- any security measures need to be evaluated with the following five questions:

1. What assets are you trying to protect?
2. What are the risks against these assets?
3. How well does the security solution mitigate the risks?
4. What other risks does the security solution cause?
5. What trade-offs does the security solution require?

I've been trying to think a lot about disaster preparedness and emergency management, and Schneier's five questions are very compatible, so I hope in the future to compare and contrast his security-focused approach, with the emergency management approach (which are very similar, and in fact, may simply be just relabeling the issues involved.)
Uzair Khan
7 reviews
March 22, 2015
The book takes security in general as its prime topic and tries to present a standardised methodology towards analysing all the security related issues. It then goes on to apply these standardised steps on various daily life and national security related scenarios in an effort to emphasize the need for taking security as a measure of trade-offs among various interrelated factors like personal ease, risk involved and the cost for mitigating those risks. Overall the author tries to impress upon the reader the fact that absolute security is an illusion and sometimes even not worth the effort. Only adjusting our opinion of how we look at security and measuring the trade-offs attached with it can help us come out of the security related fears and make us feel more secure.
Rachel
54 reviews, 9 followers
January 29, 2012
Another review of this book called it a "good non-technical book on understanding security in general" and that's how I'd summarize it. He talks about how nothing is truly secure, so we make tradeoffs to get the best odds we can while still being able to function. It's a lot more common sense than you might think.

Also, since it was written in 2003 much of the book talks about 9/11, of course. The author praises the conception of TSA and how much that will improve security, which is funny to read in the wake of so many scandals. It'd be interesting to hear his opinion these days, although I suspect he'd be a vocal critic.
Jonathan
3 reviews, 1 follower
June 24, 2012
This is more of a security sociology, psychology, and philosophy book than a scientific or academic study. So you are not going to find statistics, tables, or "hard evidence".

But you will find examples of how security works and how it can fail. The lack of statistics and such is not necessarily a weakness for the type of book it seems to be. It makes the public think about where they really want to go with security and does it in a readable way rather than trying to give empirical data showing if we are more secure in an open society vs a totalitarian one vs a panopticon society. In a way, this hinges upon culture and worldviews. But that is another topic for a different venue.
Lee
263 reviews
August 17, 2009
Great non-technical book on understanding security in general. Presented a good method for analyzing security risks and whether or not certain trade-offs are worth it. Some people have complained about the lack of references, but I think the underlying methodology he uses in the numerous cases through the book (e.g., are home alarm systems worth it? is it safe to pay with credit cards online? does arming pilots make flying safer?, etc.). This definitely wasn't a fast read, as I've been reading it for 4.5 months, but it was a good one to spend 15-20 minutes on when you have a chance.
Susan
1,592 reviews, 24 followers
April 26, 2009
Definitely not "fluffy" reading, but an excellent book.

Bruce talks about *how* to assess security threats and solutions, leaving the theory current and highly applicable, even if the content is a couple of years old. He does a good job alternating between theory and examples, which both clarifies what he's talking about and keeps the text from being too dry. And he uses his theory to discuss examples from as small as whether you should lock your house door to as large as whether the US should have a national ID card.

Good stuff if the topic holds any interest for you at all.
Mike Ehlers
558 reviews, 3 followers
February 5, 2016
Good security analysis:
1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What trade-offs does the security solution require?

Found this on an old library list I made, so I checked it out. I was worried it would feel outdated since it was written shortly after 9/11. But it is still very relevant. Good primer on how to think about security. Thought provoking, even if it started to feel a little repetitive at the end.