Book review: ‘The Rules of Security’ by Paul Martin
Think your technology is safe as houses? Think again, then check this advice from an IT security expert.
Security and technology go hand in hand, often with opportunities for enhancements in the former brought about by developments in the latter. Whether threats to our security come in the form of hackers, organised crime, terrorists or hostile nation states, the nature of these threats evolves constantly, as those wishing to undermine the security of everyone – from the individual householder to multinational organisations – simply get better at doing it.
This is the working premise of Paul Martin’s excellent ‘The Rules of Security: Staying Safe in a Risky World’ (Oxford University Press, £18.99, ISBN 9780198823575), a book that is both a sobering reality check for anyone thinking that all their bases are covered and a beacon of resistance for those wondering what can be done in the face of a growth industry swarming all over our safety and security.
Martin, who has field experience in national security – he has advised governments on the protection of critical national infrastructure, as well as leading security preparations for the London 2012 Olympics – also has an academic background in the subject as an honorary principal research fellow at Imperial College and a distinguished fellow of the Royal United Services Institute for Defence and Security Studies. ‘The Rules of Security’ is his distillation of what he’s learned. And while one of his themes is that, when faced with complex security decisions, our instinct is to concentrate on the wrong things, the best approach to countering security issues is normally to be found in common sense.
While he acknowledges that the internet is pretty much a wild frontier of online malfeasance, cyber crime is virtually identical to its pre-digital incarnations, in that its objectives are as old as the hills: espionage, fraud, sabotage and so on. Crimes go unreported and organisations spend millions on security, often under the undue influence of FUD (fear, uncertainty and doubt) generated in part by the cyber-security industry that in turn wants to make a buck out of the trend.
Access control is the key, says Martin. But we know that. The trick is being sufficiently self-aware to do something about it. To his credit, Martin is realistic in his assertion that “even the shiniest of tech boxes will not guarantee immunity from everything.” The only credible strategy, he suggests – as with any threat – is to construct active, pre-emptive resilience. In other words: be prepared.
‘The Rules of Security’ is a deceptively easy read in that there are ten bitesize takeaway nuggets of digestible information that will make you more aware, informed and alert. We’re taken systematically through the key ideas of countering potential breaches by thinking like an attacker, building defences, risk analysis and the like. Where Martin scores heavily is in the authenticity he brings to the subject, making his set of ideas less of a management self-help book and more of a first step towards protecting your assets.