Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

I was pretty excited to read Bruce Schneier's Beyond Fear, I have enjoyed hearning him speak and like his blog. I will say that the book could have said what it says with a lot less pages, possibly even an essay. However, there are lots of great stories and a fantastic word picture called "Security Theater". His illustration is that after 9/11 no one knew what to do to combat air terrorism, so they gave the appearance of action by doing things like confiscating nail files. Oh do I agree that much of what we see is security theater!Bruce has a five step process he tries to illustrate, especially in the second half of the book: * What assets are you trying to protect? * What are the risks to these assets? ( I think threats is a more correct word than risks ) * How well does the security solution mitigate those risks? * What other risks does the security solution cause? * What trade-offs does the security solution require?This is a nice implementation of threat vector analysis and he tells great stories. I am not sure the book teaches that much, but it might be a valuable awareness tool for executives.

Bruce Schneier is well-known for his book  Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition , and bringing the concept of cryptography down to be understood by mere mortals. A cryptographer by trade, in the last decade, he has focused on more practical impediments to security. In Beyond Fear, he focuses on practical security measures, largely in the context of air travel in a post-9/11 world. With simple, concrete, and logical examples (and indeed an complete security process), he explains how security tradeoffs are driven by specific agendas, and that increased security in one area usually leads to overlooked or weakened security in another area. He lays out well-considered arguments for the need for what he calls "security theatre" (the APPEARANCE of good security vs. ACTUAL good security), and how we make our own security tradeoffs every day, based on our understanding of risks - which may be completely flawed based on statistics.At its core, though, Beyond Fear explains how a system can never be 100% safe, and our desire to have a system that is impervious to attack is often driven by an emotional need, and not based on logic, fact, and rational analysis - and is often at odds with our desire for personal freedoms, which is often what we're seeking to secure. It offers hope, however, that by understanding the real risks we face, we're able to make smart, individual tradeoffs about our personal safety and security - preserving both our liberty and personal safety.It's a fantastic book, if you have any interest in security or the security-freedom tradeoff. It's well-written, simple to understand, engaging, and direct. At points, Schneier gets a little preachy about personal freedom, but his agenda will likely resound with most readers. His personal commentary is short-lived, however, and for the vast majority of the book, it's a well-balanced, rational analysis of our system's strengths and weaknesses, and our individual roles in it.

Five stars for a book that lays out five steps to think about and analyze any and all security systems, from street mugging to encryption, from home security to national security, in terms of what needs to be protected, how to protect it, who is trying to get at it, what's it worth, and what trade-offs or externalities the proposed security incurs. Also breaks down the human factor, disentangles identification from authentication from authorization, and breaks down the different prongs of security: defense (prevention), response, deterrence, audit/forensics.The concepts in this book will be familiar to anyone acquainted with threat or risk analysis and the making of 'attack trees', which are a subset of 'who's trying to get at this' and 'how can they be stopped?'Grounded in a thoroughly secular evolutionary worldview, from which innumerable illustrations are drawn, and working from a thoroughly atheistical anthropology which believes in the inherent goodness of human nature, the analysis is hampered from reaching the heights of truth and probing some of the deep things of security, but as a practical layman's introduction it is not hampered as much as it could be (as if it were, say, a text looking for the underlying cause of security failure, subornability, etc.), and does its job admirably.

Having already read "Secrets and Lies", I often felt like I had already read this book.Even if this is your first Schneier, however, I completely agree with other reviewers that there is a lot of padding going on, and the contents of the book could have been presented much more succinctly.I think quality (as opposed to quantity) of the contents is what's saving this title. The author gives a professional and detached opinion about security in general, focussing often on post-9/11 security countermeasures.Today (2009) parts of this book are obviously outdated, but sadly, much of its rational analyses are still valid. It's clearly not been a favourite read among post-9/11 politicians.

A decade after 9/11 the security theatre that Bruce identified persists and shows no signs of flagging and is permeating its way into every aspect of western life. Bruce's work is an excellent read, it's just unfortunate that no one was listening.

Highly Recommended! This is a must-read for any entry level individual looking for information about security, both physical security and cybersecurity.

Books on security generally compete for which can be the dullest with the greatest number of pages. What a relief to find it was entertaining, with lots of pertinent and interesting--many amusing--examples. Thoughtful, well-organized and perfect for anyone that needs a good foundation in security.Mike Riess

Anyone involved in any kind of security should read this book. While the politicians and the hysterical media scream about face recognition, and other security panaceas, Bruce Schneier explains simply and logically why it doesn't work and proposes much simpler and more effective measures.Take face recognition as an example. Even a system claiming 99.9% accuracy (which none are) will still fail 1 in 1000 times. How many times would it fail when used on football crowd? Or at an airport? How are the police better off when they have to deal with dozens of false positives from the most perfect system? What is the point of a system which requires every face to be logged in a database when terrorists are so sparse to begin with (and not necessarily in the database)? Obviously it's ridiculous, but this doesn't stop people claiming such nonsense will prevent another 9/11 or whatever.Instead he advocates human intelligence - security guards who are trained to recognize signs that people are behaving oddly (or 'hinky' as one officer described a terrorist caught smuggling a bomb). This and common sense security based upon risk assessment. As one of the world's leading experts on security, his is a voice that should be listened to. Unlike his crypto books, there is no an equations to be found here. Instead he highlights his points with real world examples and analogy. This tends to become a little tiresome in places, but the point is well made.It's too bad that someone as informed as Schneier isn't in charge of policy. Otherwise we might be in a world where money would be spent on systems which actually protect us, rather than offer faux security and inconvenience.

Having read "Secrets & Lies" by the same author a few years before, I was interested to see what else he had to say. Bruce Schneier is a leading thnker in the world of security and is able to make the topic interesting and relevant to people that otherwise might find it quite dull.In this book, he also looks at many aspects of physical security, and in particular the way that security is being implemented in the modern world. He is highly critical of many security measures and explains in precise detail why they are so ineffective; and why we should still not be that concerned about this, except for the extra cost burden it places on us.I would strongly advise that if you are involved in physical or digital security in any way, that you should have a copy of this book and that you should re-read it from time to time. Even if it is not a primary part of your job, you may well find it of value.

This is an excellent book overall. The author is no hardline libertarian, for sure; he does accept intrusions by the state in the name of security that I might object to, but what is so impressive about the book is the measured, rational way he goes about showing the pros and cons of security measures. It is the sort of book that policymakers here in London would do well to study. A fine antidote to hysteria and complacency in equal measure.

Happy staff when they saw this on the office bookshelf

A good read