The Digital Big Bang
Author: Phil Quade
With the subtitle "The Hard Stuff, the Soft Stuff, and the Future of Cybersecurity", this is an interesting book that consists of lots of short chapters from cybersecurity experts at a range of companies, but it stops short of giving practical advice on how to manage cybersecurity threats.
The book uses the idea of 'the digital big bang' as the creation of a new cyber universe. However, the individual chapters then look at topics that are specifically about cybersecurity rather than any further exploration of a new cyber universe.
The book opens with chapters on speed and connectivity, and as with later sections there are two or three thought pieces per chapter. Contributors from Microsoft and the NSA in this section put forward views that it's sometimes better to take more time but be secure, and that the drive to connect things and data sources in cyberspace is unstoppable. These are hardly earth-shattering revelations, but the arguments are made more interesting by the people making them and the insights from their personal experiences.
The next three chapters come under the general heading of 'elementary shortfalls', and cover authentication, patching and training. The former director of US National Intelligence looks at the five pillars of security, and there are interesting discussions of the vital role of patching in security.
Part three of the book, Fundamental Strategies, has chapters on cryptography, access control, and segmentation. The discussions of cryptography put forward some interesting thoughts, including the effect quantum computers will have, and a piece titled 'the good, the bad, and the future' by Dan Boneh of Stanford University. The section on segmentation was also interesting, with discussions on how to create and manage segmented networks for greater security.
The next section, Advanced Strategies, has discussions on visibility, inspection, and failure recovery. The former Secretary of the US Department of Homeland Security's piece on visibility of the risks from 'pathogens' - malware, viruses and denial-of-service attacks - was one of the more practical pieces and well worth a read, as was the piece on cyber event recovery from the head of information security at the UK Royal Mail.
The final major part of the book looks at higher order dimensions - complexity management, privacy, and human frailty. Both contributors to the privacy section were positive about greater privacy regulations, while both contributors to the human frailty chapter were resigned to the fact that people can't be trusted to behave securely. The book ends with a look at the future, and the role AI will play.
To be honest, if you're already working in IT, you're not going to be startled by anything in this book. In fact, you're not really going to learn anything you haven't already read elsewhere. However, I still found some of the observations insightful, and it was interesting to have opinions from people who have been in very senior roles in government departments, security companies and large corporations. It would certainly be a useful book to have your non-technical managers read, and my four-star rating is targeted at that audience.
Last Updated (Tuesday, 28 January 2020)