If you’re a security or network professional, you already know the “do’s and don’ts”: run AV software and firewalls, lock down your systems, use encryption, watch network traffic, follow best practices, hire expensive consultants . . . but it isn’t working. You’re at greater risk than ever, and even the world’s most security-focused organizations are being victimized by massive attacks. In Thinking Security, author Steven M. Bellovin provides a new way to think about security. As one of the world’s most respected security experts, Bellovin helps you gain new clarity about what you’re doing and why you’re doing it. He helps you understand security as a systems problem, including the role of the all-important human element, and shows you how to match your countermeasures to actual threats. You’ll learn how to move beyond last year’s checklists at a time when technology is changing so rapidly. You’ll also understand how to design security architectures that don’t just prevent attacks wherever possible, but also deal with the consequences of failures. And, within the context of your coherent architecture, you’ll learn how to decide when to invest in a new security product and when not to. Bellovin, co-author of the best-selling Firewalls and Internet Security, caught his first hackers in 1971. Drawing on his deep experience, he shares actionable, up-to-date guidance on issues ranging from SSO and federated authentication to BYOD, virtualization, and cloud security. Perfect security is impossible. Nevertheless, it’s possible to build and operate security systems far more effectively. Thinking Security will help you do just that.

Written by Steve Bellovin, one of the world's most respected security consultants, this guide is for students who know all the basics: working security specialists, admins, IT managers, architects, and chief security officers. Bellovin will help students take a deeper look at what they're doing, understand security as a "systems problem," recognize the implications of your environment, and "think like the enemy."

Many of us, especially since 9/11, have become personally concerned about issues of security, and this is no surprise. Security is near the top of government and corporate agendas around the globe. Security-related stories appear on the front page everyday. How well though, do any of us truly understand what achieving real security involves? In Beyond Fear, Bruce Schneier invites us to take a critical look at not just the threats to our security, but the ways in which we're encouraged to think about security by law enforcement agencies, businesses of all shapes and sizes, and our national governments and militaries. Schneier believes we all can and should be better security consumers, and that the trade-offs we make in the name of security - in terms of cash outlays, taxes, inconvenience, and diminished freedoms - should be part of an ongoing negotiation in our personal, professional, and civic lives, and the subject of an open and informed national discussion. With a well-deserved reputation for original and sometimes iconoclastic thought, Schneier has a lot to say that is provocative, counter-intuitive, and just plain good sense. He explains in detail, for example, why we need to design security systems that don't just work well, but fail well, and why secrecy on the part of government often undermines security. He also believes, for instance, that national ID cards are an exceptionally bad idea: technically unsound, and even destructive of security. And, contrary to a lot of current nay-sayers, he thinks online shopping is fundamentally safe, and that many of the new airline security measure (though by no means all) are actually quite effective. A skeptic of much that's promised by highly touted technologies like biometrics, Schneier is also a refreshingly positive, problem-solving force in the often self-dramatizing and fear-mongering world of security pundits. Schneier helps the reader to understand the issues at stake, and how to best come to one's own conclusions, including the vast infrastructure we already have in place, and the vaster systems--some useful, others useless or worse--that we're being asked to submit to and pay for. Bruce Schneier is the author of seven books, including Applied Cryptography (which Wired called "the one book the National Security Agency wanted never to be published") and Secrets and Lies (described in Fortune as "startlingly lively...¦[a] jewel box of little surprises you can actually use."). He is also Founder and Chief Technology Officer of Counterpane Internet Security, Inc., and publishes Crypto-Gram, one of the most widely read newsletters in the field of online security.

Effective strategic thinking requires a clear understanding of one's external environment. Each organization has a unique environment, but as Ross Harrison explains in Strategic Thinking in 3D, any environment-whether in the fields of national security, foreign policy, or business-has three dimensions: systems, opponents, and groups.

Strategic Security will help security managers, and those aspiring to the position, to think strategically about their job, the culture of their workplace, and the nature of security planning and implementation. Security professionals tend to focus on the immediate (the urgent) rather than the important and essential—too often serving as "firefighters" rather than strategists. This book will help professionals consider their roles, and structure their tasks through a strategic approach without neglecting their career objectives. Few security management books for professionals in the field focus on corporate or industrial security from a strategic perspective. Books on the market normally provide "recipes," methods or guidelines to develop, plans, policies or procedures. However, many do so without taking into account the personal element that is supposed to apply these methods. In this book, the authors helps readers to consider their own career development in parallel with establishing their organisation security programme. This is fundamental to becoming, and serving as, a quality, effective manager. The element of considering career objectives as part-and-parcel to this is both unique to only this book and vital for long-term career success. The author delineates what makes strategic thinking different in a corporate and security environment. While strategy is crucial in the running of a company, the traditional attitude towards security is that it has to fix issues quickly and at low cost. This is an attitude that no other department would tolerate, but because of its image, security departments sometimes have major issues with buy-in and from top-management. The book covers the necessary level of strategic thinking to put their ideas into practice. Once this is achieved, the strategic process is explained, including the need to build the different steps into this process—and into the overarching business goals of the organisation—will be demonstrated. The book provides numerous hand-on examples of how to formulate and execute the strategic master plan for the organization. The authors draws on his extensive experience and successes to serve as a valuable resource to all security professionals looking to advance their careers in the field.

Een voormalige Amerikaanse minister van defensie geeft zijn visie op de defensiepolitiek van de V.S.