Title: Secrets and Lies: Digital Security in a Networked World
Author: Bruce Schneier
Publisher: Wiley
Publication Date: August 2000
Pages: 412

Secrets and Lies is a surprisingly interesting book to read considering its topic: digital security. The author doesn't use tons of terminology to scare readers away. On the contrary, he uses common sense and numerous real-world examples to demonstrate security threats in cyberspace. Those threats are real, and their effects are even more devastating than attacks in the physical world. The perpetrators, however, are harder to track down and convict. What threats are we facing in the digital world? Schneier covers not only the full range of criminal attacks but also publicity attacks and legal attacks. The attackers are also categorized, including national intelligence organizations and the press as well as terrorists, insiders, lone criminals and corporate spies. He continues to look at various security needs, among them privacy, anonymity, integrity, authenticity, and audit. While discussing the privacy need, the trickiest question is who owns individuals’ personal data. The United States and the European Union are two extremes. On one hand, individuals in the U.S. don’t have ownership of the data about themselves, and companies are allowed to sell and buy personal data at will. The EU, on the other hand, has strict regulations on the collection and dissemination of personal data. Their different attitudes towards personal data ownership serve as a very good example of how government policy can affect information security.

The second part of this book introduces a broad range of security technologies, such as cryptography, software reliability, secure hardware, identification and authentication. Schneier explains various security algorithms, protocols and techniques in a way that a network novice can understand and appreciate. In the process, he also corrects many common misconceptions about security. He actually makes a very clear statement that this book is written "partly to correct a mistake." Schneier once believed that cryptography was The Answer to security threats. He then realized that there are many contextual factors that affect security systems, such as the hardware, the software, the networks, and the people. Technology is not the answer. It is just part of the system. In this book, Schneier promotes the concepts that "Security is a chain; it's only as secure as the weakest link" and "Security is a process, not a product."

This book covers all the basics of computer security (encryption, intrusion detection systems, firewalls, and so on) and provides very helpful guidance for beginners. In all reality, this book can be and should be read by anyone who uses the Net. It is worth learning what risks we are exposed to. Business decision makers without a technical background may also benefit from this book by understanding what security challenges their IT staff is facing. Technology, as Schneier stresses repeatedly, is not equal to security and there’s no quick fix to security problems. It is necessary to build up systematic processes to manage these threats and incidents. For a reader with a technical background, this book can also help him/her to see security issues from different perspectives.

I was impressed by Schneier’s deep understanding of security concepts, and even more impressed by his ability to communicate these concepts fluently and accessibly. Although Secrets and Lies doesn’t cover in-depth technical information on the topic of system security, it does provide a valuable guide to complex security issues in the networked world. This book is definitely very informative, and it would be better if Schneier added some recommended books and resources to help readers do advanced studies.

Resources:
Counterpane Internet Security, Inc. http://www.counterpane.com/
Secrets and Lies Book Review http://www.counterpane.com/sandl.html
