Schneier on Security

W.R. Howard (Computer Science International, Dinslaken, Germany)

Kybernetes

ISSN: 0368-492X

Article publication date: 16 October 2009

Citation

Howard, W.R. (2009), "Schneier on Security", Kybernetes, Vol. 38 No. 9, pp. 1636-1637. https://doi.org/10.1108/03684920910991603

Publisher: Emerald Group Publishing Limited

Copyright © 2009, Emerald Group Publishing Limited


Computer security is undoubtedly the subject of the moment, and this author, who includes his name in the title, is regarded as a leading figure on the subject. Anyone who has a computer system lives in perpetual fear that someone from somewhere in the world will gain access to it, with the consequences we read about daily. The case for protecting our systems, whether personal or national ones, is obvious, and any protection that is on offer is worth considering. There are so many ways of attempting to secure our systems, and so many security companies offering advice, that even the experienced practitioner of systems is often at a loss to recommend any one computer security system. Bruce Schneier offers a collection of 12 chapters on a range of subjects in an attempt to cover the important topics of the field. He has the experience to offer authoritative advice and discussion, and he does this in a neat, easy style that makes the book very readable.

The author is intent on giving practical advice about security, and advice that allows for updating to meet the ever-changing scene. There are, of course, a great number of questions to be asked about computer security, and even in 12 chapters they cannot easily be posed or covered. For many system users, the main questions to be asked are: why do we need to secure our systems? Who or what are we defending the system from? These questions often appear to be naive, but are they? They form a totality and we can only find solutions to a subset. Changing forms of attack make some solutions redundant and ineffective. In his compilation, Schneier offers some solutions and prepares the reader for the new generation of systems and security challenges.

One important point he makes is to emphasise that security systems may necessarily affect the efficiency and running of the system. A choice must be made by systems managers and the usual trade‐offs familiar to anyone in the commercial world have to be made. The economics of the system in all its aspects cannot be ignored. The case studies he includes help in making these decisions. The book is to be recommended to all users of systems but in particular to those with the enormous responsibility of safeguarding the security/integrity of our major national and commercial installations. The security problems of the personal computer user are almost insignificant in comparison, but equally important perhaps to the “small user”. This book aims to look at the wider scene and Schneier's experience in the field is worth having for the price of this text.
