Security and Schneier’s Beyond Fear

April 11, 2007 at 1:00 pm Leave a comment

Security and Schneier’s Beyond Fear

I read Schneier’s Beyond Fear (http://www.schneier.com/book-beyondfear.html) and found it interesting and relevant.  I think “Security Literacy” is sorely needed in today’s everyday life.

p14 Schneier’s “five-steps” to analyze security:
1. What assets are you trying to protect?
2. What are the risks to those assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What costs and trade-offs does the security solution impose?

p20 Differentiating between threats and risks – a threat is a potential way an attacker can attack a system.  A risk takes into account both the likelihood of the threat and the seriousness of a successful attack.

p48 “…adding security to anything requires a system….  Without systems – and our ability to combine smaller systems into larger systems, as well as to break larger systems down into smaller systems to better understand and engineer them – the complexity of modern-day life would be impossible.  The word systems is also used to describe complex social, political, and economic processes…collections of interacting processes.

p66 James Bamford, book about the NSA?

p.78 David Brin, and “a transparent society in which security in enhanced precisely because everybody can see everything.”

p90 Complexity is the worst enemy of security. Niklaus Wirth once said: “Increasingly, people seem to misinterpret complexity as sophistication, which is baffling – the incomprehensible should cause suspicion rather than admiration.”

p162 “The problem isn’t obtaining data, it’s deciding which data is worth analyzing and then interpreting it”

p257  “When faced with a security countermeasure, you have to evaluate its effectiveness in mitigating your personal risk in your situation, and the you have to determine what the trade-offs are and if they’re worth it to you.”

p260 “security is never done; it’s a never-ending process….constantly reviewing and rethinking your security choices is your best hope for staying ahead of the attackers.”

p277 “Civilization has been around for 5500 years….”  That’s weird to think about.

p279
Schneier Risk Demystification.  Make sure you understand the risks, effectiveness of countermeasures, trade-offs, unintended consequences. 

Schneier Secrecy Demystifications.  Secrecy is anathema to security: it’s brittle, it can conceal abuse, and it prevents you from having the information you need to make sensible trade-offs.

Schneier Agenda Demystification.  Don’t blindly accept “It’s for security purposes”  people often have non-security agendas behind security trade-offs.

p281 Leave your bathroom light on when you’re out of the house.  Burglars know homeowners could be in the bathroom any time of night for any length of time and will avoid your house.

p282 http://www.schneier.com/crypto-gram.html a security newsletter.

Advertisements

Entry filed under: information literacy.

Scared off the web? Teaching online safety in the schools Checklists for Life

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Companion wiki

Del.icio.us tags

Feeds


%d bloggers like this: