Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

This book is very informative, interesting, and entertaining. I've recommended it to people both within and outside the CS and IT communities w/o reservation. Rather than reiterating things said in the many positive reviews, I'd like to take issue with one reviewer who says Schneier misuses the term "threat." In particular, this reviewer says "A threat is a party with the capabilities and intentions to exploit a vulnerability in an asset." This definition is both counter to standard English usage and counter to standard usage within the computer security field. Every book on my shelf has roughly the same definition of threat: "Threat: a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability" -- Stallings, Network Security Essentials, p. 5. So a threat is condition or event, not a party. The reviewer seems to confuse threat with potential adversary. Schneier's terminology is the standard terminology, and he uses it correctly.

I first read about Bruce Schneier in an eye-opening article by Charles Mann in the September, 2002 issue of The Atlantic Monthly. It seems that you don't have to make the false choice everyone is agonizing over between security and liberty. You can have both. Schneier's book expands on the ideas in the article. Although Schneier is a technology fan and it is his livelihood, he realizes that sometimes a live security guard can provide better security than cutting-edge (but still fallible) face-recognition scanners, for instance. He explains why national ID cards are not a good idea, and how iris-scanners can be fooled. These are ideas for security on a large scale, for airports, nuclear and other power plants, and government websites. For security on an individual or small business scale, try Art of the Steal by Frank Abagnale. But even if you don't run a government, Beyond Fear is a fascinating read about how your government is making choices (and how they SHOULD be making choices about your security and about your rights.

I have read a number of the Pro and Con reviews. I think it is important to take a good look at the title of the book, and use that as a guide to a buying decision. This book is not an in-depth cookbook of technical approaches to combat hackers, but rather a sensible way of looking at the issues that contribute to an aura of security, the appearance of security, and actually being secure. I really liked the whole premise, because we are such an image conscience, and sound-bite oriented society that it can become quite difficult to deliver a thought-provoking treatise on a topic that many think they know so much about.My only negative comment would be that it got a little slow at the end, for me. Maybe I was just tired that night or something. He cites a few excellent examples of places or instances where someone did something that they honestly felt would contribute to increased security, when the actual effect turned out to be the opposite. If I may draw a crude comparison: if you appreciated some of the observations, and perhaps even the writing style and presentation in Hammer and Champy's "Reengineering the Corporation", then you will like and appreciate this volume. The way Mr. Schneier presents information, and the way he introduces you to perceived vs. actual may strike you as being similar. (No offense meant to either author - I enjoyed both)Happy trails.

Executive summary: Timely and well written. Buy it.Bruce has a great ability to "keep it real" - which is why his books are so readable and down to earth. With a background in cryptography, Bruce has broadened his scope to become one of the broadest-thinkers in security today - no mean feat by any measure.One of the reasons I tell my corporate consulting clients to "Read Bruce's books" is because he's able to put things into the overall context in a way that is uplifting rather than depressing or overwhelming. For example, I consider "Secrets and Lies" (and now "Beyond Fear") to be essential bookshelf material for anyone who has to deal with security. When people are starting in security and ask me where to begin, it's with these books. Absorbing them, and the concepts behind them, is a good way of avoiding the pitfalls in this complex field.For the non-security-professional, this book is also a terrific read. Read it more like it's a spy novel, sit back, and enjoy it. Movie script-writers? If you're going to write a script that touches on computer security: read this book.mjr.

Bruce's greatest strength is in the role of Evangelist -- he translates the complex aspects of security into a vocabulary suitable for common consumption. If you're a sociologist, a risk management officer, or a cultural psychologist, you'll be familiar with a lot of the upstream references from which Bruce draws his examples. Conversely, if you're working in an office where "solving that security problem" is one of your many tasks, you won't have the time or inclination to dig out the esoteric sources. Consider this book as an alternative, far less onerous choice.The book is easy reading -- it flows quickly and keeps returning to a common set of themes. These are set against many contexts so you're sure to find something familiar. You won't find any math or greek notation in here, to the disappointment of "Applied Cryptography" die-hards but the relief of everyone else. The underlying message, seeing beyond the Fear, Uncertainty, and Doubt (FUD) propagated by mass media and the government, is a key one to understanding why it's OK to question this hyper-security-conscious world we find ourselves in. Airline security is an arena familiar to most business travelers, and we as passengers are expected not only to accept increasingly invasive measures, but welcome them without hesitation. Bruce teaches us how to evaluate the efficacy of these schemes both individually and in the aggregate. The results will surprise all but the most cynical among you.That said, this is not the textbook of a conspiracy theorist. Bruce willingly admits that improving security correctly is a worthwhile pursuit, and even teaches us how to do it. You won't find the rantings of an ill-informed libertarian crackpot. If your interests lead you to ask questions and be curious about the changes to your world in recent years, you will find this an entertaining and informative volume. Democrat or Republican, luddite or technology businessperson, it's worth a look at your earliest opportunity.