Beautiful Security: Leading Security Experts Explain How They Think
In this thought-provoking anthology, today's security experts describe bold and extraordinary methods used to secure computer systems in the face of ever-increasing threats. Beautiful Security features a collection of essays and insightful analyses by leaders such as Ben Edelman, Grant Geyer, John McManus, and a dozen others who have found unusual solutions for writing secure code, designing secure applications, addressing modern challenges such as wireless security and Internet vulnerabilities, and much more. Among the book's wide-ranging topics, you'll learn how new and more aggressive security measures work—and where they will lead us. Topics include:
- Rewiring the expectations and assumptions of organizations regarding security
- Security as a design requirement
- Evolution and new projects in Web of Trust
- Legal sanctions to enforce security precautions
- An encryption/hash system for protecting user data
- The criminal economy for stolen information
- Detecting attacks through context
Go beyond the headlines, hype, and hearsay. With Beautiful Security, you'll delve into the techniques, technology, ethics, and laws at the center of the biggest revolution in the history of network security. It's a useful and far-reaching discussion you can't afford to miss.
Review By: John Beecham
12/14/2009
Beautiful Security comprises sixteen chapters in essay format, each written by a different expert in the field of information security. Each essay is broken down into unrelated themes, yet all reach a common goal of enlightening the reader on how the field of security is intriguing. Subjects such as meaningless metrics, cloud computing, social networks, and time-to-market versus quality apply to everyone at all levels of software development and hosting. What the reader can take away from the book is that the type of security required tomorrow must be derived from a drastically different business model than what exists today.
I found that chapters nine and eleven stood out with their easy-to-grasp examples that apply to all of IT. In chapter nine, Mark Curphey discusses the necessity of having people, processes, and technology working in harmony, with technology last in the equation. Curphey stresses that everyone, not just security professionals, needs to become passionate about playing a role in the future of security technology, or as he calls it, the “security cogs of tomorrow.”
Chapter eleven features Jim Routh, who writes about the current state of security in commercial software, which he describes as “distasteful, marked by embarrassing public reports of vulnerabilities and actual attacks.” Routh notes that over fifty percent of software vulnerabilities are architectural defects and not code-based. He stresses that developers must change their mindset to rank security defects above functional requirements. That way, software vulnerabilities will be addressed before deployment rather than having customers do beta testing.
The book is an easy read, and I would recommend it for testers, developers, system admins, and DBAs alike. The material is not stale and is relevant to what is hitting IT today, and the authors strive to look into what will face all of us in the future when it comes to system and information threats.
The novice or entry-level IT person will not have an issue with terminology or content, and, after reading this book, it may strike an interest with some to pursue a career in security. Everyone involved in software development will gain insight into how security interacts with all of their functions.