* Bruce Schneier’s latest book is about how to go beyond fear to think about security Bruce Schneier has been one of my heroes for many years, not least because of the clarity of his thought and the crispness of his writing. Readers of this column have seen references in the past to his free monthly Crypto-Gram newsletter, and I hope you have subscribed to that always-worthwhile publication.In 2000, Schneier published a groundbreaking primer for non-nerds called Secrets & Lies in which he confronted many misunderstandings and outright myths about security in the digital realm. In 2003, he continued his educational efforts with Beyond Fear, a superb analysis of the basis of rational thought about security in the wider world – not just computers and networks.Schneier is so clear that even his chapter titles stimulate thought:Part One: Sensible Security 1. All Security Involves Trade-offs2. Security Trade-offs Are Subjective 3. Security Trade-offs Depend on Power and AgendaPart Two: How Security Works4. Systems and How They Fail5. Knowing the Attackers6. Attackers Never Change Their Tunes, Just Their Instruments7. Technology Creates Security Imbalances 8. Security Is a Weakest-Link Problem9. Brittleness Makes for Bad Security10. Security Revolves Around People11. Detection Works Where Prevention Fails 12. Detection Is Useless Without Response13. Identification, Authentication And Authorization14. All Countermeasures Have Some Value, But No Countermeasure Is Perfect15. Fighting TerrorismPart Three: The Game of Security16. Negotiating for Security17. Security DemystifiedOne of the most important conceptual frameworks articulated by Schneier are five steps for analyzing any proposed security measure, whether for computers, networks or social systems:Step 1: What assets are you trying to protect?Step 2: What are the risks to those assets?Step 3: How well does the security solution mitigate those risks?Step 4: What other risks does the security solution cause?Step 5: What trade-offs does the security solution require?Over and over, Schneier shows that sloppy thinking leads to poor choices of security solutions that can make security worse instead of better. His analyses include such diverse issues as protecting credit-card numbers used for Internet shopping, security screening at airports, increased secrecy in the U.S. after 9/11, airline-passenger profiling, home burglar alarms, national ID cards, military actions against terrorism and other interesting topics.I would love to send policy makers in our nation’s government copies of this book, but I greatly fear that most would not read it. You, on the other hand, as intelligent readers of this column, will get a great deal out of reading Schneier’s book – and THEN you can try to explain its main points to your Congress critters and to any policy wonks you happen to know.Good luck – for all of us. Related content how-to Doing tricks on the Linux command line Linux tricks can make even the more complicated Linux commands easier, more fun and more rewarding. By Sandra Henry-Stocker Dec 08, 2023 5 mins Linux news TSMC bets on AI chips for revival of growth in semiconductor demand Executives at the chip manufacturer are still optimistic about the revenue potential of AI, as Nvidia and its partners say new GPUs have a lead time of up to 52 weeks. By Sam Reynolds Dec 08, 2023 3 mins CPUs and Processors Technology Industry news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Network Security Network Security Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe