When this book first came out in 2004, I didn’t read it because I dismissed it as “just another one of those post-9/11 security books”. That was a big mistake on my part, as this book serves as a very effective antidote to the fear and uncertainty that has been generated around security since then.
Schneier is a leading expert on computer and network security, and cryptography, and I had already read two of his books on those topics. I was unexpectedly surprised at the plain-language approach to security in this book—which covered both physical and IT security. The book is filled with very smart security thinking.
Chapter 16 is titled, “Negotiating for Security.” I certainly wished that I had seen that material earlier. That chapter alone is worth the price of the book.
Chapter 3 is titled, “Security Trade-offs Depend on Power and Agenda.” I give Schneier a lot of credit for being brave enough and astute enough to write in a helpful way about a dimension of security—organizational politics—that all security practitioners experience, but few talk about. Here is the first paragraph in that chapter:
Most security decisions are complicated, involving multiple players with their own subjective assessments of security. Moreover, each of these players also has his own agenda, often having nothing to do with security, and some amount of power in relation to the other players. In analyzing any security situation, we need to assess these agendas and power relationships. The question isn’t which system provides the optimal security trade-offs—rather, it’s which system provides the optimal security trade-offs for which players.
This is a real-world book about security.
Schneier doesn’t hesitate to point out our own general personal weaknesses and biases regarding security, to help improve our judgement and make us better “consumers” of security. For example, Schneier says in Chapter 2, “More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.”
Whether you are a security professional or not, this book will change the way you think about security, for the better.