Please enjoy reading this archived article; it may not include all images.

Carry On—Sound Advice From Schneier on Security

Carry On—Sound Advice From Schneier on Security
Author: Bruce Schneier | Reviewed by Maria Patricia Prandini, CISA, CRISC
Date Published: 1 September 2014
A pessimistic prediction for the future of the RSA Conference, the somehow unfair public judgment of security agencies, the possibility of hacking a papal election, how to become a security expert, the use of security questions as a backup mechanism for forgotten passwords and the level of understanding that security staff have about people are just a small sample of the topics on which Bruce Schneier offers his insights in this entertaining and easy-to-read book.

Carry On: Sound Advice From Schneier on Security is a collection of Schneier’s short essays, which appeared in different publications between March 2008 and June 2013. It is almost guaranteed that readers interested in up-to-date information security facts will find at least one thing in this publication that will grab their attention. In fact, more than 150 commentaries on recent events and common information security issues are presented by the author in a concise and amusing format.

The author analyzes and clearly explains common security concepts and shares his opinions on information security current events, making this book interesting for security experts, IT professionals and the average person. Schneier challenges readers to rethink some of the main ideas or concepts usually associated with information security today.

The book is organized around eight chapters, every one of which presents information security from a different perspective: business and economics; crime, terrorism, spying and war; human aspects; privacy and surveillance; psychology; technology; travel; and policy, liberty and law. Every chapter contains a selection of different articles referencing actual issues and events.

Even the introduction is not to be missed. Here, Schneier shares with readers the process of writing essays. Viewed as tight arguments on a particular point, he explains that his essays could be written as a result of a morning inspiration or, when issues are harder to analyze, after a few days of consideration. The book covers actual events and technologies (such as the Boston [Massachusetts, USA] Marathon bombing), aviation security issues, cyberattacks, the Stuxnet virus, cloud computing and privacy. Readers will feel captivated by these thoughtprovoking writings.

Another benefit of this publication is that it can be read sequentially or by jumping from one section to another, depending on the reader’s interests or needs.

“Sound advice on security” is exactly what the reader will get from Schneier in this book: an interesting and inspiring read on a wide range of today’s hot topics on information security, written by a real, worldwide expert. Anyone concerned about security and risk issues, whether an expert or simply someone interested in these topics, should not miss this book.

Reviewed by Maria Patricia Prandini, CISA, CRISC, who has a long career as a public official in different positions related to information technology at the Argentine Government. Prandini was involved in the development of the National PKI and the foundation of ARCERT, the first governmental computer security incident response team (CSIRT) in Argentina. She is the immediate past president of the ISACA Buenos Aires (Argentina) Chapter.