Beyond Fear: Thinking Sensibly About Security in an Uncertain World Hardcover – May 4 2006
"Does arming pilots make flying safer? Computer security guru Schneier applies his analytical skills to real-world threats like terrorists, hijackers, and counterfeiters. BEYOND FEAR may come across as the dry, meticulous prose of a scientist, but that's actually Schneier's strength. Are you at risk or just afraid? Only by cutting away emotional issues to examine the facts, he says, will we reduce our risks enough to stop being scared." -- Wired
"Schneier provides an interesting view of the notion of security, outlining a simple five-step process that can be applied to deliver effective and sensible security decisions. These steps are addressed in detail throughout the book, and applied to various scenarios to show how simple, yet effective they can be.... Overall, this book is an entertaining read, written in layman's terms, with a diverse range of examples and anecdotes that reinforce the notion of security as a process." -- Computing Reviews
"Schneier is a rare creature... Although he made his name as an alpha geek in cryptography... [he] can also speak to laypeople about the general security matters that increasingly touch all of our lives." -- Business Week
"Once again Schneier proves that he is one of the few people who indeed understands security, and what is more important and more difficult, can explain complex concepts to people not specializing in security. Whatever your trade and whatever your background, go ahead and read it ..." -- itsecurity.com
"In his new book, 'Beyond Fear', Bruce Schneier -- one of the world's leading authorities on security trade-offs -- completes the metamorphosis from cryptographer to pragmatist that began with Secrets and Lies, published in 2000." -- infoworld.com
About the Author
Bruce Schneier is the author of seven books, including Applied Cryptography which Wired called "the one book the National Security Agency wanted never to be published" and Secrets and Lies, described in Fortune as a "startlingly lively jewel box of little surprises you can actually use." He is also founder and Chief Technology Officer of Counterpane Internet Security, Inc., and publishes Crypto-Gram, one of the most widely read newsletters in the field of online security.
Top Customer Reviews
It is not technical at all and does not necessitate any particular background to understand and enjoy. The author explains clearly how to make a risk assessment of something that you want to make more secure and then evaluate the cost of the security measures. Only when you have that data can you evaluate if the added security is worth it.
These explanations are backed up with concrete examples such as evaluating the risk of making a purchase with a credit card over the internet. Other examples include the absurdity of securing a lunch in a company refrigerator because the potential loss of having a lunch stolen does not justify securing it. The author also explains that even technologies that look very accurate, such as facial recognition with an error rate of, let's say, 0.0001%, are totally ineffective when they have to control a huge number of persons like a stadium crowd because even with this accuracy, they would create an unmanageable amount of false positive alerts.
The author also elaborates on why you should question the motivation of a security provider when it is a third party and links this with how people's fears can be exploited to introduce invasive, excessively expensive and inefficient security measures. I think that the goal of the author was to make people more critical about security questions and my opinion is that his goal has been successfully achieved.
My only negative comment would be that it got a little slow at the end, for me. Maybe I was just tired that night or something.
He cites a few excellent examples of places or instances where someone did something that they honestly felt would contribute to increased security, when the actual effect turned out to be the opposite. If I may draw a crude comparison: if you appreciated some of the observations, and perhaps even the writing style and presentation in Hammer and Champy's "Reengineering the Corporation", then you will like and appreciate this volume. The way Mr. Schneier presents information, and the way he introduces you to perceived vs. actual may strike you as being similar. (No offense meant to either author - I enjoyed both)
Schneier's book expands on the ideas in the article. Although Schneier is a technology fan and it is his livelihood, he realizes that sometimes a live security guard can provide better security than cutting-edge (but still fallible) face-recognition scanners, for instance. He explains why national ID cards are not a good idea, and how iris-scanners can be fooled.
These are ideas for security on a large scale, for airports, nuclear and other power plants, and government websites. For security on an individual or small business scale, try Art of the Steal by Frank Abagnale. But even if you don't run a government, Beyond Fear is a fascinating read about how your government is making choices (and how they SHOULD be making choices) about your security and about your rights.
In your review you wrote:
"A threat is a party with the capabilities and intentions to exploit a vulnerability in an asset"
"All of these terms were defined years ago by military intel and law enforcement types" and
"It's the digital security community that's obscuring the definitions"
I disagree. Information security just has slightly different jargon. That's not an uncommon source of confusion in different, but related, professional fields, and there's a particular reason why we're really not interested in the military definition of "threat".
In the information security field, "risk" and "vulnerability" have roughly the same meanings that you use. However, "threat" means something more like "a method of exploiting a vulnerability or combination of vulnerabilities to cause a loss", while what you call a "threat" is an abstraction called an opponent or adversary. When we talk about "threat analysis", we mean examining ways vulnerabilities can be combined and exploited and what kinds of losses they can cause; these analyses may then be used as inputs to a risk analysis model. In the lunch room example you cited, the threat is "casually saunter up to the fridge, glance around, take a lunch, scurry away", and would be characterised as "low cost, low skill, low risk of discovery". The threat is indeed the same whether or not there is an opponent to exploit it.
Most recent customer reviews
Bruce Schneier hits the jackpot with this common sense book on security. It is a good read for just about anyone with an interest in the field of Information Security. Published on Dec 13 2007 by Horace McPherson
Bruce Schneier is a well known security expert and author of one of my favorite technical books of all time, Applied Cryptography. Published on Jan. 23 2004 by Amazon Customer
Not quite what I'd expected. I'd read & enjoyed 'Secrets & Lies', and I thought this would be more of the same. Published on Jan. 21 2004 by Keith Appleyard
I thought this book would tell me something I didn't know. It didn't. I thought it would be interesting enough to keep me awake and wanting to read it. It wasn't. Published on Dec 11 2003
Some pedants may decry Bruce's many semantic flaws, but these same people have neglected to realize that their biggest mistake was to buy the book to begin with.
BZZZT.
_Beyond Fear_ is a good book, and I'd put it into the "should read" but not "must read" category for people working in security (as opposed to _Secrets and... Published on Nov. 20 2003 by James J. Lippard
If Bruce Schneier has acquired a habit, it is the ability to take the same old material and rehash it into different books, year after year. Published on Nov. 13 2003
"Beyond Fear" is a good book, but don't turn to it for proper definitions of security terms. Steer clear of this book's misuse of the words "threat" and "risk. Published on Oct. 31 2003 by Richard Bejtlich