I’ve been working my way through Bruce Schneier’s book for a while. Not due to any shortcomings in the book itself, but rather other distractions have been interfering with my reading for the past few months and I’ve fallen well behind as my “to read” shelf has been growing steadily.
“Beyond Fear” should be required reading for EVERY SINGLE ONE of our legislators. Well… this book and the constitution. Knowledge of both of these tomes would go a long way towards stemming the tide of ridiculous, pandering, appear-to-be-doing-something-ANYTHING laws that seem to flood out of State and Federal government houses each month.
Combining relevant examples with 5 comprehensive steps that should be evaluated as part of any important security assessment, Bruce pragmatically walks the line between impractically crippling defensive measures and vulnerably insecure systems that must be used by myriad folks on a daily basis. He emphasizes our natural tendency to overestimate certain kinds of (ultimately irrelevant) risks while we casually accept on a daily basis risks that are of far greater likelihood and, ultimately, consequence than those we emotionally invest ourselves in.
While Bruce does not say this explicitly, the examples and figures in his book support the statement that I have heard made that “If you read about it in the newspaper, it’s not something you need to worry about.” (BTW, this can apply to positive things too, like reading about someone winning the lottery). The only reason it’s being reported is because it’s unusual or spectacular. That’s why the handful of deaths airplane crashes (631 in the U.S.A each year) receive so much publicity but the thousands of people dying in car accidents (41,700 in the U.S.A. each year) receive only the vaguest of coverage.
Perhaps my favorite quote in the book on this topic is that “More people are killed every year by pigs than by sharks.”. To contrast with the numbers above, about 0.6 people are killed in the U.S.A. each year by sharks. That’s five orders of magnitude less than the automobile figure. Yet how many people do you know are fearful of going swimming, yet have no problem driving to the corner store for some milk?
Anyway, there are great examples given of computer issues, financial issues, terrorist issues and even beekeeper issues. You will not want for examples that you can relate to.
Definitely a starting point for a reasoned, rational discussion on how to make the best possible trade-offs for the most useful and unencumbering risk reduction in a world of finite resources.
Posted under Books
This post was written by Marc
on April 2, 2009 at 2:51 am