ACCU Home page ACCU Conference Page
Search Contact us ACCU at Flickr ACCU at GitHib ACCU at Google+ ACCU at Facebook ACCU at Linked-in ACCU at Twitter Skip Navigation

Search in Book Reviews

The ACCU passes on review copies of computer books to its members for them to review. The result is a large, high quality collection of book reviews by programmers, for programmers. Currently there are 1918 reviews in the database and more every month.
Search is a simple string search in either book title or book author. The full text search is a search of the text of the review.
    View all alphabetically
Title:
Secrets&Lies
Author:
Bruce Schneier
ISBN:
0 471 25311 1
Publisher:
Wiley
Pages:
412pp
Price:
£
Reviewer:
Francis Glassborow
Subject:
cryptography; security
Appeared in:
12-5
Perhaps the author's name seems familiar. It should because he is the author of one of the most authoritative books ever written on the subject of encryption, 'Applied Cryptography'. It was also responsible for what the author considers a serious mistake. One motive for this book is to correct that mistake.

However good the mathematics of cryptography may be there is much, much more to security than cryptography. Security is no stronger than the weakest link. A technically uncrackable encryption algorithm is completely nullified by such things as human weaknesses.

What do you do about the employee who keeps decrypted versions of vital documents on their hard-drives because it saves time? How do you cope with devices that allow remote copying of what is on your screen? Those are only a couple of aspects of security. There are many more.

This is not a book to browse. It is a book in which the author attempts to provide a complete picture of security in modern IT systems. Its purpose is not to provide solutions but to raise awareness of the deeper issues that need to be addressed.

Modern technology based societies make awareness of security an issue for all of us. When information can be stolen in bulk and searched at leisure, the implications of personal data in such things as your tax-return, your telephone account, and your bank statement become much more threatening. We live in a society that espouses the concept of personal privacy, yet actually providing such privacy is becoming progressively harder.

This book was originally planned for publication in 1998. The author actually gave up writing it before publication because he could see no way to do more than make the reader believe that pursuit of real computer security was a hopeless task. It was not until April 1999 that something happened that changed his mind and led to the rewrite which finished up as the book that I have on my desk.

If you are concerned about computer security (and you would be mad not to be) this book will provide you an extensive understanding of the broad band of issues as well as some ideas about how the risks can be managed.

If you only have time to read a single book on the subject, this is the one to read. I think you owe it to yourself to take the time to read this book.

Highly recommended to all.