Beyond Fear: Thinking Sensibly About Security in an Uncertain World (English) Hardcover – 28 July 2003
Product description
Press reviews
"Schneier provides an interesting view of the notion of security, outlining a simple five-step process that can be applied to deliver effective and sensible security decisions. These steps are addressed in detail throughout the book, and applied to various scenarios to show how simple, yet effective they can be....Overall, this book is an entertaining read, written in layman's terms, with a diverse range of examples and anecdotes that reinforce the notion of security as a process." --Computing Reviews
"Schneier is a rare creature... Although he made his name as an alpha geek in cryptography... [he] can also speak to laypeople about the general security matters that increasingly touch all of our lives." --Business Week
Customer reviews
Top customer reviews
Although B. Schneier first became known and recognized as an expert in cryptography, his reflections and thoughts on security more generally are full of wisdom.
Written in the aftermath of the September 11 attacks, Beyond Fear urges and invites the reader to think beyond their fears and not to accept everything in the name of sacrosanct security.
This is a book that would be just as much at home in the Philosophy section as in the Computing section.
Most helpful customer reviews on Amazon.com (beta)
Schneier's book expands on the ideas in the article. Although Schneier is a technology fan and it is his livelihood, he realizes that sometimes a live security guard can provide better security than cutting-edge (but still fallible) face-recognition scanners, for instance. He explains why national ID cards are not a good idea, and how iris-scanners can be fooled.
These are ideas for security on a large scale, for airports, nuclear and other power plants, and government websites. For security on an individual or small business scale, try Art of the Steal by Frank Abagnale. But even if you don't run a government, Beyond Fear is a fascinating read about how your government is making choices (and how they SHOULD be making choices) about your security and about your rights.
The book is easy reading -- it flows quickly and keeps returning to a common set of themes. These are set against many contexts so you're sure to find something familiar. You won't find any math or Greek notation in here, to the disappointment of "Applied Cryptography" die-hards but the relief of everyone else.
The underlying message, seeing beyond the Fear, Uncertainty, and Doubt (FUD) propagated by mass media and the government, is a key one to understanding why it's OK to question this hyper-security-conscious world we find ourselves in. Airline security is an arena familiar to most business travelers, and we as passengers are expected not only to accept increasingly invasive measures, but welcome them without hesitation. Bruce teaches us how to evaluate the efficacy of these schemes both individually and in the aggregate. The results will surprise all but the most cynical among you.
That said, this is not the textbook of a conspiracy theorist. Bruce willingly admits that improving security correctly is a worthwhile pursuit, and even teaches us how to do it. You won't find the rantings of an ill-informed libertarian crackpot.
If your interests lead you to ask questions and be curious about the changes to your world in recent years, you will find this an entertaining and informative volume. Democrat or Republican, luddite or technology businessperson, it's worth a look at your earliest opportunity.
However, it's not overtly political, and gives dozens (perhaps a 100) practical worked examples of good & bad, effective & ineffective, responses to security issues, whether it be physical, electronic etc.
There is a 5-step process which I found useful to apply to everyday situations; and (in highly abbreviated form) these are: what are you trying to protect; what are the risks; risk mitigation; risks caused by the solution; trade-offs.
The core message is: "as both individuals and a society, we can make choices about our security", and this book helps you understand how to make those informed decisions.
Schneier addresses this in the framework of five questions to ask about security. Although the process seems crude, it does touch the heart of the security issue - what are we trying to protect, why, and what happens if we don't protect it?
I particularly like his idea of brittle versus flexible security. When a brittle security system fails, your asset is screwed. A (poor) example would be burying your money in your back yard. If this is compromised (someone finds it), then you lose all your money, and that's the end of it. Compare this to a bank account. If someone robs the bank, or fraudulently takes your money, the bank is obliged to get you your money back. (So maybe you should bury your bank account number and password in your back yard!)
Although much of the discussion is on the level of national security, he also has gems of wisdom like suggesting that you leave the bathroom light on while you're away to deter burglars. And he points out your identity is more likely to be stolen from your discarded papers than from someone stealing your info on the internet.
I really appreciate the last part of the book where he lists the most-likely causes of death among Americans. What I got from that was not that I should avoid international airports, or dig a fallout shelter, but simply that I should make sure that I and my family are securely buckled up when we drive. Now that's putting 9/11 into perspective.
Rather than reiterating things said in the many positive reviews, I'd like to take issue with one reviewer who says Schneier misuses the term "threat." In particular, this reviewer says "A threat is a party with the capabilities and intentions to exploit a vulnerability in an asset." This definition is both counter to standard English usage and counter to standard usage within the computer security field. Every book on my shelf has roughly the same definition of threat: "Threat: a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability" -- Stallings, Network Security Essentials, p. 5. So a threat is a condition or event, not a party. The reviewer seems to confuse threat with potential adversary.
Schneier's terminology is the standard terminology, and he uses it correctly.