Secret & Lies - Bruce Schneier

Security Processes
- Compartmentalize
- Secure Weakest Link
- Use Choke Points
- Defense in Depth
- Fail Securely
- Leverage Unpredictability
- Simplicity
- Enlist Users
- Assure
- Question

Detection and Response
- Detect Attacks
- Analyze Attacks
--> Detect
--> Localize
--> Identify
--> Assess
- Vigilance
- Watch the Watchers
- Recover from Attacks

Counterattack
- Prosecute Criminal Activity

Manage Risk
- Insurance
--> Compensation
--> 3rd Party Liability

Outsourcing Security Processes
Average Joe vs Expert
- Due to internet mechanism, threats can spread
Deal with problem, not ban
No technical solutions for social problems -> Laws
Secrecy aids attackers
Government regulation - misdirected and slow
Private assessment, consumer reports
Licensing, liability insurance
Trust entities to limit risk Problem is not technology but the use of technology