Ottawa Valley SAGE

Providing a forum since 1998

Jan 28, 2011 - 2 minute read - Comments

A Brief Review of Beautiful Security by Andy Oram and John Viega

no description

Beautiful Security

Beautiful Security is a collection of essays on security thought from a variety of industry leaders. The sixteen chapters of the book cover a surprisingly wide base of security domains making it worth reading just for the exposure to the wealth of ideas. The fact that the essays are intellectually entertaining is a bonus.

The best sections of this book are the places where some of my long held beliefs get challenged by the chapter author, particularly the issues involved with security in cloud computing. I still have a healthy skepticism for the claims of cloud service providers, but the concept that we will not get any better at securing abstracted compute environments until we start using them is correct. You do not become an expert at something until you invest a significant amount of time and practice into it, so how can we expect to secure these environments unless we use them?

Another surprise is the essay on law and infosec. This is not my first choice in reading topics but I have been exposed to other schools of thought over the years and typically enjoy them once I’ve realized that I’m ignoring useful information. This chapter is no exception. Although it is oriented towards U.S. law, the concepts and situations presented are quite interesting and do provide an alternative perspective for methodologies on rolling out a security strategy. Sometimes we forget that there is significantly more to the process than a technical solution.

In my opinion, this is a book worth reading as it generates questions about the way we approach information security. I would recommend it to anyone who wants to get a better understanding of and exposure to the thought processes that go into the information security industry.