- Paperback: 448 pages
- Publisher: Wiley; 1 edition (January 30, 2004)
- Language: English
- ISBN-10: 0471453803
- ISBN-13: 978-0471453802
- Product Dimensions: 6 x 1.2 x 9 inches
- Shipping Weight: 1.2 pounds
- Average Customer Review: 136 customer reviews
- Amazon Best Sellers Rank: #232,958 in Books
Secrets and Lies: Digital Security in a Networked World 1st Edition
“…The security technologies available are described in a user-friendly way without going into depth...” (Computer Bulletin, January 2005)
“…peppered with lively anecdotes and aphorisms, making it a really accessible read...” (The ISSG Magazine, Autumn, 2004)
“…fascinating read…peppered with lively anecdotes…” (The ISSG Magazine, October 2004)
"...make yourself better informed. Read this book." (CVu, The Journal of the ACCU, Vol 16(3), June 2004)
From the Back Cover
"A primer in practical computer security aimed at those shopping, communicating, or doing business online -- almost everyone, in other words."
Viruses. Identity theft. Corporate espionage. National secrets compromised. Can anyone promise security in our digital world?
The man who introduced cryptography to the boardroom says no. But in this fascinating read, he shows us how to come closer by developing security measures in terms of context, tools, and strategy. Security is a process, not a product -- one that system administrators and corporate executives alike must understand to survive.
"This book is of value to anyone whose business depends on safe use of e-mail, the Web, or other networked communications. If that's not yet everybody, it soon will be."
Stephen H. Wildstrom, BusinessWeek
"It's not often that a truly outstanding book is written for both technical users and management. Fortunately, Secrets and Lies pulls off this feat rather well."
Dustin Puryear, Linux.com
"Schneier . . . peppers the book with lively anecdotes and aphorisms, making it unusually accessible."
Los Angeles Times
Top customer reviews
To be clear, I enjoyed the book. If you're interested in InfoSec, and you're an avid reader, it's definitely worth your time, but if you're looking for a great primer in the vein of most other works by Schneier, then you should probably look elsewhere, because it simply isn't "relevant enough" to be a modern reference.
The author is very specific about the security domains without being too technical but instead focusing on the "philosophy" behind each caveat. In that regard he shows the many ways crackers can harm our security and how far we have advanced in combating them. He has a sort of pessimistic view regarding this because as he claims the bad guys are already ahead of governments and other organizations because of their unwillingness to think of security as a process but rather as a product to be installed without proper metrics measurement and capacity planning.
"Secrets and Lies: Digital Security in a Networked World" is the perfect book to hand to new bosses or new employees coming in the door who have not been exposed to cyber security in their past lives. It is also the perfect book for seasoned security practitioners who want an overview of the key issues facing our community today. Schneier wrote it more than a decade ago, but its ideas still resonate. He talks about the idea that “security is a process, not a product.” With that one line, Schneier captures the essence of what our cyber security community should be about. He explains that even though we have advanced technology designed to specifically find cyber break-ins, people are still the weakest link. He describes how cyber risk is not a special category. It is just another risk to the business. He highlights the ludicrous idea that software vendors have no liability for selling buggy code, and he was one of the first thought leaders to characterize the adversary as something more than just a hacker. He makes the case for things that the cyber security community still needs in order to make the Internet more secure, things like strengthening confidentiality, integrity, and availability (CIA); improving Internet privacy and Internet anonymity; and challenging the idea that security practitioners must make the Sophie’s Choice between better security or more privacy in terms of government surveillance. Finally, he anticipates the need for a Bitcoin-like capability long before Bitcoin became popular. The content within Secrets and Lies is a good introduction to the cyber security community, and Schneier tells the story well. Because of that, Secrets and Lies is a candidate for the cyber security canon, and you should have read it by now.
That being said, there are some nits I have to pick. The material is very ad hoc, backed up mainly by personal (though extensive) experience and casual reading. A useful knowledge base, but limited as a source of primary information.
This is aggravated by Schneier's use of non-technical examples and analogies in many of his arguments. The arguments themselves are very strong, but when he cites this historical example or that financial practice, he often gets his facts wrong. I don't suppose this has a big effect on his credibility, but it must have some.
It's also a little disappointing that Schneier didn't bother to get into the general history of the Enigma/Ultra business -- a prime example of his basic theme, that the smallest failure of the security process is vulnerable to machines with infinite patience.
Finally, I'm very, very disappointed that Schneier fails to challenge -- and sometimes even supports -- the social conservative attitude towards hacking and reverse engineering. He points out the futility of trying to encrypt DVDs -- but barely touches on the DMCA. He speaks of general software hacking as a basically benign activity -- but he strongly supports criminal punishment even for the most non-invasive electronic "trespass". This is a point of view utterly at odds with his ideas of security considered in a complete social context.