Reviews

User reviews

User Review

This is really an interesting book! I'm only halfway into it and I can't stop myself from reading!

User Review

TITLE: "Book straddles both worlds: academia and corporate world ..." April 19, 2005

of IT Security.

While Bruce Schneier rehashes old ideas discussed in his other IT Sec books, this read is well organized, with lots of practical examples and quite thorough in his extensive coverage of all security measures.

The best thing about this book is how the presentation of various IT Security measures makes the reader aware of how important security policies are and what the important aspects of security management are. This read is definitely beneficial for IT and Security managers.

When reading this book I could not help but get annoyed with how verbose this book is. One could easily eliminate various paragraphs and still maintain the integrity of the book's message.
 

User Review

http://www.sindark.com/2007/10/22/secrets-and-lies/
Computer security is an arcane and difficult subject, constantly shifting in response to societal and technological forcings. A layperson hoping to get a better grip on the fundamental issues involved can scarcely do better than to read Bruce Schneier’s Secrets and Lies: Digital Security in a Networked World. The book is at the middle of the spectrum of his work, with Beyond Fear existing at one end of the spectrum as a general primer on all security related matters and Applied Cryptography providing far more detail than non-experts will ever wish to absorb.
Secrets and Lies takes a systematic approach, describing types of attacks and adversaries, stressing how security is a process rather than a product, and explaining a great many offensive and defensive strategies in accessible ways and with telling examples. He stresses the impossibility of preventing all attacks, and hence the importance of maintaining detection and response capabilities. He also demonstrates strong awareness of how security products and procedures interact with the psychology of system designers, attackers, and ordinary users. Most surprisingly, the book is consistently engaging and even entertaining. You would not expect a book on computer security to be so lively.
One critical argument Schneier makes is that the overall security of computing can only increase substantially if vendors become liable for security flaws in their products. When a bridge collapses, the construction and engineering firms end up in court. When a ten year old bug in Windows NT causes millions of dollars in losses for a company losing it, Microsoft may see fit to finally issue a patch. Using regulation to structure incentives to shape behaviour is an approach that works in a huge number of areas. Schneier shows how it can be made to work in computer security.
Average users probably won’t want to read this book - though elements of it would probably entertain and surprise them. Those with an interest in security, whether it is principally in relation to computers or not, should read it mostly because of the quality of Schneier’s thought processes and analysis. The bits about technology are quite secondary and pretty easily skimmed. Most people don’t need to know precisely how smart cards or the Windows NT kernel are vulnerable; they need to know what those vulnerabilities mean in the context of how those technologies are used. Reading this book will leave you wiser in relation to an area of ever-growing importance. Those with no special interest in computers are still strongly encouraged to read Beyond Fear: especially if they are legislators working on anti-terrorism laws.
 

User ratings

5 stars: 6
4 stars: 4
3 stars: 2
2 stars: 0
1 star: 0
