Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. New York: Wiley, 2000.

"Security is a chain; it's only as secure as its weakest link."

"Security is a process, not a product."

Part of Schneier's incentive to write this book was based on what he saw as inappropriate reliance on cryptography as a security panacea. As a recognized authority and author on cryptography, Schneier felt some personal responsibility for such misconceptions. Security, as he describes throughout the book, has numerous social and technical components, any one of which can be broken. Rather than focusing solely at any one part of the picture, those concerned with security should think in terms of the entire system. Schneier makes a compelling case for the claim that no computer system can be 100% secure (though some are obviously more secure than others). For this reason, security measures should address all three of the following: prevention, detection and response.

Assessment:

Schneier's book is an excellent introduction to the major issues. He calls into question many of the technical approaches that many vendors and the popular media have held up as the ultimate solutions to security. He provides guidance on how the reader can address numerous security risks, but with the constant reminder that such risks can never be eliminated completely.

Implications:

Anyone responsible for an ICT system that deals with sensitive information should be conscious of the security concerns Schneier raises. Many small nonprofits and schools, for example, process information that carries considerable privacy concerns.

» Next: Shapiro, Carl, and Hal Varian