Secrets & Lies, Digital Security in a Networked World by Bruce Schneier is the perfect book for security professionals who have some training in, experience with, or exposure to security technologies.
Schneier declares that security must be approached from a “systems” perspective before technologies and countermeasures can be properly selected and implemented.
Making the case that security solutions require an understanding of the environment and context in which they will be used, Schneier takes the reader beyond the latest “hot product” into a deeper understanding of the security landscape: threats, attacks, adversaries, and security needs. He gives a very good overview of relevant technologies: cryptography (of course), computer security, identification and authentication, network security, software, hardware, and people. He also offers strategies for managing security problems: vulnerability management, threat modeling, risk assessment, attack trees, policies and countermeasures.
Secrets & Lies offers a holistic approach to security that will inform and ground the security professional. The focus on understanding systems and processes is valuable and provides much-needed context. The author’s style and humor make Secrets & Lies an easy read. Secrets & Lies is on my list of recommended reading, not just because I’m a Schneier fan, but because the book is just that good.