After reading Economics & Strategies of Data Security, you know that Dan Geer is a person who really gets what information security is all about.
Too many organizations equate security with buying security products. While today's data centers are full of firewalls and intrusion detection systems, most organizations' IT systems are not getting more secure.
Only risk-based methodologies can secure today's mission-critical IT systems. In Economics and Strategies of Data Security, author Dan Geer demonstrates that security can't be product-centric. It requires a strategic, risk-based, data-centric approach.
If you are looking for a 1,200-page tome about every security technology under the sun, this is not it. Instead, the book zeroes in on the core concepts of data security and the underlying issue of risk, and on how the former can be applied to mitigate the latter.
Geer discusses the economics of loss, intelligent data-centric security strategies, and how to develop a forward-looking approach for data security.
An alumnus of the Massachusetts Institute of Technology (MIT), Geer oversaw development of MIT's Project Athena, which developed the seminal Kerberos networking protocol and the X Window System graphical user interface for Unix. He is now the principal of Geer Risk Services and former chief scientist emeritus of the book's publisher, Verdasys of Waltham, Massachusetts.
This book should be required reading for anyone who cares about the security of their organization's data. If you read the book today, pick it up again 10 years from now. It will probably still be timely.