The issue of security is significant in our general lives. More particularly, it is important to know how security measures are analyzed and evaluated in terms of safeguarding assets including our lives. This is what encompasses the subject of Beyond Fear: Thinking Sensibly about Security in an Uncertain World, a nonfiction book by prominent American cryptographer and computer security specialist Bruce Schneier. Published in 2003, Beyond Fear presents a five-step process for evaluating the relevance of a countermeasure against security attacks.
Schneier introduces the idea of security measures in the beginning of the book. “This book is about security: how it works and how to think about it. It’s not about whether a particular security measure works, but about how to analyze and evaluate security measures. ” (Schneier 7) In order to explain how security really works, Schneier provides a practical approach by thinking of security in terms of sensible trade-offs, and not in absolutes. It is a common phenomenon that the aspects of security concerns generate fear, anxiety and panic.
Schneier’s extraordinarily clear and powerful analysis of the importance of security measures discussed in Beyond Fear makes his book understandable to even common laymen not specializing in security. What Schneier emphasizes on is the simple yet thoughtful speculation that we can move beyond fear to start thinking sensibly and creatively about security. In today’s world where uncertainty is prevalent in all aspects, the concern of security becomes too important a subject to be left to the responsibility of others. Contrary to popular belief, Schneier contemplates, security is not a mysterious or arduous responsibility.
We make security choices in our daily lives, and they come naturally such as – which side of the street we walk on, whether we park our car under a streetlight, security of our homes, etc. Schneier demonstrates practical steps we all naturally take while addressing the real threats faced by our families, communities, and our nation. Schneier’s examples speak the tone of practicality. “I can give you a very good tip if you want to keep burglars out of your house. A light on for the burglar to see is the very best single means of protection. One of the ideal things is to leave a bathroom light on all night.
The bathroom is one place where somebody could be, for any length of time, at any time of the night, and he would be likely to hear the slightest strange sound. The burglar, knowing this, won’t try to enter. It’s also the cheapest possible protection. ” (Schneier 281) Security system is a set of things put in place or done in order to prevent negative consequences. The five steps offered by Schneier for analyzing as well as evaluating security measures, are explicitly precise. In order to understand the importance and functionalities of security systems, there are certain fundamental requirements that we need to consider.
The five-step process is designed to focus on the specific aspects of security you need to understand in order to make one basic decision: Is the security countermeasure worth the trade-offs? ” (Schneier 257) Security itself is a complicated subject. Evaluating a security system – whether it is meant for protecting a computer, an airport, or even an individual – is a significant responsibility. Schneier provides us with a five-step analytical framework for evaluating a security system.
The five steps mentioned in Beyond Fear are the following: ? What assets are you trying to protect? What are the risks to those assets? ? How well does the security solution mitigate those risks? ? What other risks does the security solution cause? ? What costs and trade-offs does the security solution impose? Identifying the assets at risk, the first step, is fairly straightforward. However, analyzing the security risks (including the rest of the steps in the process) is often a problematic concern for organizations. Companies generally hire outside teams in order to test their physical and computer security schemes. But such objective analyses are not sufficient enough.
Schneier remarks in the introduction to Chapter 3 of Beyond Fear, “Most security decisions are complicated, involving multiple players with their own subjective assessments of security. Moreover, each of these players also has his own agenda, often having nothing to do with security, and some amount of power in relation to the other players. In analyzing any security situation, we need to assess these agendas and power relationships.
The question isn’t which system provides the optimal security trade-offs – rather, it’s which system provides the optimal security trade-offs for which players. (Schneier in Introduction to Chapter 3) Schneier’s Beyond Fear clearly defines the essential concepts and basic practices in context to security in all areas of life. Schneier illustrates these universal principles with numerous everyday examples from the local supermarket and the ATM to the airport. “The airlines are desperate to get more of the public flying but are leery of security systems that are expensive or play havoc with their flight schedules. They are happy to let the government take over the job of airport screening because then it won’t be their fault if there’s a problem in the future.
Many pilots like the idea of carrying guns, as they now fear for their lives. Flight attendants are less happy with the idea, afraid that they could be left in danger while the pilots defend themselves. Elected government officials are concerned about reelection and need to be seen by the public as doing something to improve security. ” (Schneier 33) Schneier’s Beyond Fear is a well-written volume on the various concerns of security systems. It is an easy read for new and advanced readers, and even security professionals, and those who find the subject intriguing.
The book is an excellent composition in terms of helping people understand the importance of risks and what trade-offs are required to protect against those risks. Schneier mentions in his book about the trade-offs in allowing government to keep security information from the public. “What are the risks to those assets? Terrorism: specifically, the risk is that terrorists will use information to launch terrorist attacks more easily, or more effectively…the risk, of course, is that attackers learn about the vulnerabilities and exploit them. ” (Schneier 130)
It is notable that post 9/11, the responsibilities of policy-makers as well as elected officials have doubled up with regard to trying to expand the powers of government and law enforcement agencies. This is what they are doing in the name of security. It is now time for citizens to understand what sort of security they are receiving. Because, only then can they make informed decisions on whether the security is worth the trade-off of civil liberties or freedom. Schneier’s Beyond Fear provides a thoughtful overview of the security measures that have been implemented since the 9/11 terrorist attacks.
Beyond Fear of Schneier deals effectively as well as apprehensively with the complex web of security systems and manages to create an understandable security framework, along with useful and clear illustrations from practical life spread throughout the book. Relation between security and technology The importance of technology can be counted in many ways. Technology can solve our problems and improve lives in so many ways. However, it is not the same thing when it comes to solving security problems with the help of technology.
There is a remarkable difference between technology and security. “Technology is generally an enabler, allowing people to do things. Security is the opposite: it tries to prevent something from happening, or prevent people from doing something, in the face of someone actively trying to defeat it. That’s why technology doesn’t work in security the way it does elsewhere, and why an over reliance on technology often leads to bad security, or even to the opposite of security. ” (Schneier 13) Technology is considered to be a complicated part of security. It creates security imbalances.
Technological advancements bring along progressive standardization, but this leads to more and more security vulnerabilities because, “They [technology] make it possible for attackers to carry out class breaks: attacks that can break every instance of some feature in a security system. ” (Schneier 93) It is ironical that modern technology, especially computer technology, simplifies long-distance terrorist attacks. Suicidal attacks prove to be an old idea in the new age of technological destructivism.
The side with the more advanced technology wins the battle, which means security systems fall prey to some more vulnerabilities. ith today’s security systems migrating to computerized technology, the long-distance destructive attacks become more feasible. Technology makes the attacks easier. The advancement of technology creates new security problems, the solution of which requires new ideas. Therefore, it is important to realize that technology is a complicated part of security. Security is not all about technology, it is about identifying and preventing the risks. However, technology helps security systems in detecting the risks and the different ways to manage those risks.