REVIEW - Secrets&Lies (revised)

Title: Secrets&Lies (revised)

Author: Bruce Schneier

ISBN: 0471253111

Publisher: Wiley

Pages: 414pp

Reviewer: Mark Easterbrook

Reviewed: December 2004

Rating: 3 out of 5


We all live in an increasingly digital and networked world. We also live in a world that seems increasingly hostile, at both the personal level and the global level. Yet so few of us take security really seriously: maybe we all lock our doors and windows and install firewalls and virus scanners, but this is just basic stuff - when did you last perform a security audit on your house or your Internet connection?

This book examines the security of the digital networked world and the domains that interface and interact with it, including us, in a pragmatic, myth-busting, sometimes humorous, and often worry-inducing way. It is divided into three parts:

Part 1 - The Landscape - sets the scene: who are they, what do they want, why do they want it, how might they get it, and why are they targeting you? If the answer is "I don't know", as is often the case, you just have to guess and hope you are somewhere close.

Part 2 - Technologies - is the largest section and comprehensively covers the technology used in attack, defence, detection and alerting. The common theme here is that security is like a chain, and is only as strong as its weakest link.

Part 3 - Strategies - looks at the practical side of securing your part of the world. This takes a realistic look at threat and risk analysis and how a sufficient defence strategy can be created. Not surprisingly, technology is only part of the problem, and only part of the answer - security is a human issue as much as it is a technical one.

When you have read this book, and I strongly urge that you do, there will be one of two outcomes: You will take security much more seriously, or you will sleep much less easily at night. Recommended.

