· This book is about how to analyze and evaluate security measures.
· Most of the time, we hear about security only when it fails. Security effectiveness can be extremely hard to measure, because a working security measure produces no visible event.
· Beyond Fear is Schneier's attempt to demystify security for the post-9/11 general public. The 9/11 terrorist operation was small, efficient, relatively low-tech, very strictly disciplined, highly compartmentalized, and extremely innovative.
· We make security trade-offs constantly, every day: brushing our teeth, locking the house, choosing which car to buy and drive, deciding which candy bar to buy, and so on.
· People make security trade-offs naturally, choosing more or less security as situations change.
· The goal of this book is to help you move beyond fear, and give you the tools to start making sensible security trade-offs.
· Security is both a feeling and a reality.
· Security is about preventing adverse consequences from the intentional and unwarranted actions of others.
1. Security system: set of things put in place or done to prevent negative consequences. Security is about prevention. It can be attacked, can have flaws, and can fail.
2. Security concerns itself with intentional actions. Safety means protecting assets from unintentional actions (accidents, errors, natural events); security means protecting assets from intentional actions.
3. Security requires the concept of an attacker who performs intentional and unwarranted actions.
4. An attack means intentional unwarranted actions. An attack is a specific way to attempt to break the security of a system or a component of a system.
5. Assets are the objects of attack. Assets can be as small as a single diamond and as large as a nation’s infrastructure.
6. A countermeasure is an individual, discrete, and independent security component; countermeasures together make up a security system.
· Security is complex, but it can be broken down into smaller and simpler steps. The 5-step process for analyzing and evaluating security systems, technologies, and practices is as follows:
1. What assets are you trying to protect?
2. What are the risks to these assets?
3. How well does the security solution mitigate those risks?
4. What other risks does the security solution cause?
5. What costs and trade-offs does the security solution impose?
· A better understanding of trade-offs leads to a better understanding of security, and consequently to more sensible security decisions.
· Two of Schneier's key concepts:
1. Everyone involved in a security decision has their own agenda.
2. Every security decision involves trade-offs.
· By understanding these concepts, we can make rational decisions about whether and how proposed security measures should be implemented, rather than being driven by fear.