ncyoung.com
I just read Secrets and Lies by Bruce Schneier. It was a fun read, especially the first two thirds.
Things I liked:
- His writing is generally good and he's entertaining. I'm already fascinated with the topic, and this book was great at focusing on the most important topics without hitting a lot of technicality.
- comparisons of computer security to physical security
- compelling and accessible explanation of ways in which security is a complex and difficult beast to analyze
- examining the conflict between security and complexity of systems, and the fact that we've consistently chosen the latter
- cogent presentation of basic tools for analyzing and thinking about security: evaluating weakest links, interdependencies, and human factors
Things I didn't like:
- comparisons of computer security to real world security
- promoting his company in the last chapter called into question his objectivity (many of the points he used to sell his own company were presented throughout the book)
- given the fact that complexity is the major enemy of security, it would seem that reducing complexity would be a great first step towards securing systems. There was undue hand-wringing over the fact that systems are getting more complex at a dizzying rate and the market isn't doing anything to correct for it. For the general purpose computer, this trend is likely to continue. I would have liked to hear some exploration of methodology or philosophy of using an appropriate level of complexity for a given task.
Dated: 12/26/2002