Beyond Fear

Just read Beyond Fear, by Bruce Schneier, the computer security expert. Schneier describes his method for evaluating and countering security threats, and applies it to the policies put in place in response to September 11.
One of the things that I really like about Schneier is that he asserts that most people are moral and ethical, even as he analyzes the vulnerabilities of systems to attack.
One reason that I had avoided the security topic in the past is that the conversation seemed to be driven by Tom Clancy-style paranoia. People who talked about security had a typical introductory spiel explaining that the world is a much more dangerous place than most people assume; security professionals live on the edge, protecting the unsuspecting flock from the terror that lurks outside, using complex, secret knowledge. Security experts portray a glamorous image of an elite, living in a world of fear, and attempting to impart that frisson of terror to their audience.
By contrast, Schneier presents a sensible and logical way of looking at risks, protection strategies, and trade-offs. He makes a cogent argument that it is important to have security professionals with practice recognizing situations that are rare to most people. He presents the complexity involved in analysis and defence. And he puts those risks in context; he portrays a world in which serious danger is not wholly preventable, but subject to mitigation, and mostly rare.
