Beautiful Security
Leading Security Experts Explain How They Think
Publisher: O'Reilly Media
Final Release Date: April 2009
Pages: 302

Although most people don't give security much attention until their personal or business systems are attacked, this thought-provoking anthology demonstrates that digital security is not only worth thinking about, it's also a fascinating topic. Criminals succeed by exercising enormous creativity, and those defending against them must do the same.

Beautiful Security explores this challenging subject with insightful essays and analysis on topics that include:

  • The underground economy for personal information: how it works, the relationships among criminals, and some of the new ways they pounce on their prey
  • How social networking, cloud computing, and other popular trends help or hurt our online security
  • How metrics, requirements gathering, design, and law can take security to a higher level
  • The real, little-publicized history of PGP

This book includes contributions from:

  • Peiter "Mudge" Zatko
  • Jim Stickley
  • Elizabeth Nichols
  • Chenxi Wang
  • Ed Bellis
  • Ben Edelman
  • Phil Zimmermann and Jon Callas
  • Kathy Wang
  • Mark Curphey
  • John McManus
  • James Routh
  • Randy V. Sabett
  • Anton Chuvakin
  • Grant Geyer and Brian Dunphy
  • Peter Wayner
  • Michael Wood and Fernando Francisco

All royalties will be donated to the Internet Engineering Task Force (IETF).

Customer Reviews

Review Snapshot (by PowerReviews)

O'Reilly Media Beautiful Security

Average rating: 4.0 (based on 3 reviews)

Ratings Distribution

  • 5 Stars (0)
  • 4 Stars (3)
  • 3 Stars (0)
  • 2 Stars (0)
  • 1 Star (0)

100% of respondents would recommend this to a friend.

Pros

  • Well-written (3)

Best Uses

  • Intermediate (3)

Reviewed by 3 customers


(1 of 1 customers found this review helpful)

Rating: 4.0

Collective work for a wide subject

By Bruno, from Grenoble, France

About Me: Developer

Verified Reviewer

Pros

  • Easy to understand
  • Helpful examples
  • Well-written

Best Uses

  • Intermediate
  • Novice
  • Student

Comments about O'Reilly Media Beautiful Security:

I like computer security: it is always entertaining and insightful. This book is no exception. It offers a large panorama on Security, as seen from many points of view since this is a collective work.

Advantages:
- You see the subject from different angles
- One or two authors may be boring, the overall content still has value
- It is more like reading many little books on security.

On the other hand:
- You get many introductions and conclusions, which don't add much.
- There is no real continuity nor overall aim or message. It is more a collection of essays arranged and formatted to look like a "one story".

Some essays are really insightful:
- Psychological security trap: Is certainly something that you want to be aware of! How developers may think that security isn't a real requirement. It is somehow also the point in "security by design" and "Forcing firms to focus", but with an emphasis on project management and process.
- Security Metrics is also interesting. It resurfaces in many other essays, mostly to warn about the wrong usage of metrics or the usage of wrong metrics.
- The evolution of PGP is nice. It shows how far they have gone with PKI. Now it really looks like a good solution. But as with the Semantic Web, I would say that it is still awaiting wide adoption to be useful.
- "Oh no, here comes the Lawyer" should have been even more developed. This is where I feel I lack the most insight.
- Incident detection: This is well known today. But always good to repeat. This is practical stuff and where we can expect improvement soon, since it is "just" about combining existing solutions.
- "Doing real work without real data" exposes a nice idea. Worth implementing if it fits your use case. There are good references to balance pros and cons.
- Casting spells also exposes a vendor solution. It uses a combination of techniques (virtualization, signature + AI) to secure the user's workstation. Again, it may fit some use cases.
- Log handling is also certainly a crucial part of the puzzle.
- ... other essays expose security breaches, Honeyclient, wireless problems ...

The essays target an average reader. It doesn't require any knowledge in programming, cryptography or network protocols, but it will certainly help to have some culture in software development. It raises awareness of many different aspects related to security.

At first, I really liked the introduction in the book: The idea that too often security is seen from the point of view of the failures, like you look for a car race only waiting to see car crashes. The promise here was to focus on how a good design is as beautiful and enjoyable as a car crash. Well the content shows that it isn't that easy. I guess that it would have been a book on protocol design and application architecture. Subjects much harder to enjoy. Still the intent was good.

To conclude, I would say that this book is what computer security looks like after all: there is no coherent story. But if you have to write your own security story, you will be better off knowing 16 different essays than a single long one.

(2 of 2 customers found this review helpful)

Rating: 4.0

Thought Provoking Collection

By ovsage, from Ottawa, ON

About Me: Sys Admin

Verified Reviewer

Pros

  • Concise
  • Easy to understand
  • Well-written

Best Uses

  • Intermediate
  • Novice

Comments about O'Reilly Media Beautiful Security:

Beautiful Security is a collection of essays on security thought from a variety of industry leaders. The sixteen chapters of the book cover a surprisingly wide base of security domains making it worth reading just for the exposure to the wealth of ideas. The fact that the essays are intellectually entertaining is a bonus.

The best sections of this book are the places where some of my long held beliefs get challenged by the chapter author, particularly the issues involved with security in cloud computing. I still have a healthy skepticism for the claims of cloud service providers, but the concept that we will not get any better at securing abstracted compute environments until we start using them is correct. You do not become an expert at something until you invest a significant amount of time and practice into it, so how can we expect to secure these environments unless we use them?

Another surprise is the essay on law and infosec. This is not my first choice in reading topics but I have been exposed to other schools of thought over the years and typically enjoy them once I've realized that I'm ignoring useful information. This chapter is no exception. Although it is oriented towards U.S. law, the concepts and situations presented are quite interesting and do provide an alternative perspective for methodologies on rolling out a security strategy. Sometimes we forget that there is significantly more to the process than a technical solution.

In my opinion, this is a book worth reading as it generates questions about the way we approach information security. I would recommend it to anyone who wants to get a better understanding of and exposure to the thought processes that go into the information security industry.

(3 of 4 customers found this review helpful)

Rating: 4.0

Beautiful, funny security

By joncojonathan, from Canterbury, Kent, UK

About Me: Sys Admin

Verified Reviewer

Pros

  • Well-written

Best Uses

  • Intermediate

Comments about O'Reilly Media Beautiful Security:

This book really made me think about security in the IT industry and has already caused me to check up and change some of the security practices at my place of work (I'm a network manager in a school). The first chapter was informative, made me think but more importantly was really funny in places.

There was one chapter that wasn't so interesting to me as it went into detail about the stock market and how an employee had exploited its security. Largely, this was because of the maths involved but the rest of the book had me hooked. Would thoroughly recommend.
