Review of The New School of Information Security Posted just published my four star review of The New School of Information Security by Adam Shostack and Andrew Stewart. From the review:

If you don't "get" Allan Schiffman's 2004 phrase "amateurs study cryptography; professionals study economics," if you don't know who Prof. Ross Anderson is, and if you think anti-virus and a firewall are required simply because they are "best practices," you need to read The New School of Information Security (TNSOIS). If you already recognize why I highlight these issues, you will not find much beyond an explanation of these central tenets in TNSOIS.


Anonymous said…
TNOIS is "pimped" as the best thing after sliced bread from the security industry. While Shostack and Co make an excellent job identifying current issues within the security "industry
, this only serves to highlight that the second part of the book is low in content and ideas.
Anonymous said…
Thanks Rich!
Anonymous said…
I am afraid that there is not much "new school" in the The New School of Information Security.

Your review inspired me to do one as well, but it is more a general observation of the whole industry and raising a query about innovation in general.

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4