I should have mentioned this earlier, because I’ve been reading it for most of the month, but as I mentioned previously, things have been crazy busy for a couple of weeks now.
My current book is Beyond Fear by Bruce Schneier, an easy-to-read and highly insightful tome on Information Security. Actually, it covers more than just Information Security — it addresses the challenges of security as a whole.
It’s a great read for those who may not be into the whole security thing, or don’t have a background in the realm of physical or information security. It’s also an outstanding read for those whose responsibilities include the security of systems, networks and overall enterprises.
He says things that should be common sense, but are clearly not put into common usage if you look around. For example:
An insecure system can exist for years before anyone notices its insecurity. Just because your home hasn’t been broken into in decades doesn’t mean that it’s secure. It might mean simply that no one has ever tried to break in, or it might mean that dozens have tried to break in and, without your ever knowing about it, given up in failure. Both of these situations look the same. Because so often a successful security system looks as if nothing ever happens, the only reliable way to measure security is to examine how it fails — in the context of the assets and functionality it is protecting.
I’m just over a third of the way into the book, but it has been great reading so far. It has definitely given me some new and interesting perspectives on my role with security. My only regret is that I waited so long to start reading it — I received it straight from Counterpane at the Gartner IT Security Summit 2006 event this past June (and Bruce even autographed it for me).
That’ll teach me to procrastinate.