Showing posts with label Information Security.

Thursday, November 5, 2015

Your Digital Afterlife - Evan Carroll & John Romano

When Facebook, Flickr and Twitter Are Your Estate, What's Your Legacy?
Almost without realizing it, we have shifted toward an all-digital culture.
Future heirlooms like family photos, home movies, and personal letters now exist only in digital form, and in many cases they are stored using popular services like Flickr, YouTube, and Gmail.
These digital possessions form a rich collection that chronicles our lives and connects us to each other.

But have you considered what will happen to your treasured digital possessions when you die?

Unfortunately, the answer isn't as certain as we might presume.

There are numerous legal, cultural, and technical issues that could prevent access to these assets, and if you don't take steps to make them available to your heirs, your digital legacy could be lost forever.

Written by the creators of TheDigitalBeyond.com, this book helps you secure your valuable digital assets for your loved ones and perhaps posterity. 

Whether you're the casual email user or the hyper-connected digital dweller, you'll come away with peace of mind knowing that your digital heirlooms won't be lost in the shuffle.

[Book Description Source: www.amazon.com]

Goodreads Rating - 3.74 out of 5 (31 Ratings, 7 Reviews)

My Rating 3 out of 5

Sunday, August 21, 2011

The Myths of Security


Author: John Viega
Published: 2009
Publisher: O'Reilly Media Inc.
Paperback: 252 pages

The author, John Viega, an IT security expert, is of the view that "... the (IT security) industry as a whole is broken". This viewpoint, coming from a person who is the CTO of the SaaS Business Unit at McAfee, a leading security product vendor, is bound to grab the attention of readers who are worried about the security and privacy of the digital information stored in the confines of their computers.

According to the author, internet users are at heavy risk, which can be mitigated to a great extent if the security industry examines itself and changes for the better. It is not only the hackers or lay users who are to be blamed for security disasters. The security industry needs to come out with products which provide the promised security without impacting the performance of the user's system (most security products tend to slow down the system!).

Through 48 short yet interesting articles (4-5 pages on average, 10 pages maximum), the author provides his perspectives on the security industry, identifies glaring problems, and shows what the industry can do differently to give end users more value for their money. He promises no "silver bullet", but hopes that the security industry takes note of his criticism and corrects the things which are fundamentally wrong.

The articles in this book give the author's opinion on a wide range of security subjects and issues like:
  • Anti-Virus (AV) products - why they are slow; why they do not work well; what AV companies should be doing; is it true that AV companies create the viruses they detect?
  • Is the vulnerability research community helping to improve security?
  • Are Macs more secure than Windows PCs?
  • Open Security Standards
  • Phishing, Identity Theft
  • Personal Firewall problems
  • Why most people shouldn't run an intrusion prevention system
  • Google is Evil - it takes only half-way measures to check click fraud in its online advertisements. Stringent measures are actually in conflict with its business interest.
  • VPNs usually decrease security
  • HTTPS sucks: let's kill it
  • CAPTCHA and the Usability/Security Tradeoff
Each article can be read independently; however, I felt that the order of the articles could have been better organized - e.g. AV-related articles are scattered throughout the book (widely separated chapters 6, 8, 12, 22, 23 and 39). Instead, all the articles related to a subject could have been grouped together.

I am not a security expert, so I am not in a position to either support or oppose the author's views expressed in this book. But I found the articles, written with a sense of humor, a very good read, and understood around 75% of what he has to say.

Links:
Friday, July 22, 2011

The Code Book

Author: Simon Singh
Published: 1999
Publisher: Fourth Estate Limited
Hardcover: 416 pages

The need for information security, which is widely recognized in this Internet Age, is not a new need at all. It, though not as pervasive as today, has existed for thousands of years and has a fascinating history of its own.


The high risk of secret and confidential messages sent by kings, queens and army generals falling into the hands of enemies led to the development of codes and ciphers. This heralded the birth of Cryptography, which is a method of disguising a message in such a manner that only the intended recipient can read it. To counter Cryptography, unauthorized message interceptors worked on breaking the codes. Thus evolved the science and art of codebreaking, i.e. Cryptanalysis.


So the entire history of cryptography is the story of an ongoing battle between Cryptographers (code makers) and Cryptanalysts (code breakers). And this story - right from the origin of ciphers in ancient Greece to the recent advances (as of 1999) in Quantum Cryptography - is brilliantly narrated by Simon Singh in this book.


Singh mentions in the introduction to the book his two main objectives in writing it.
The first one is to chart the evolution of codes. He describes how the battle between codemakers and code breakers involved a diverse range of disciplines like mathematics, linguistics, information theory, quantum theory etc. and their associated technologies, and inspired a series of remarkable scientific breakthroughs. He also enthralls us with "stories of political intrigue and tales of life and death to illustrate the key turning points in the evolution of codes", just to mention a few - the Babington Plot, the unbroken Beale Cipher, the cracking of the Enigma code by Alan Turing (of the well known Turing Test fame), and the decipherment of Egyptian hieroglyphics through the Rosetta Stone.
The second objective of the author is to demonstrate how the subject of cryptography is as relevant today as it was before. Apart from providing one of the best explanations I have ever come across of the prevalent encryption algorithms, standards and techniques like DES, RSA and PGP, he explores the promising Quantum Cryptography, which can lead to unbreakable ciphers. He also discusses the debate between two schools of thought - one which lobbies for restricting the use of cryptography to ensure law enforcement and national security, and the other which presses for its widespread use to protect the privacy of the individual.


This book also introduces us to the tireless cryptographers and cryptanalysts who had to remain anonymous and never gained public recognition during their lifetimes. This was due to the politically or militarily sensitive nature of their contributions and inventions, which could not be disclosed to the public.
For example, by 1975, James Ellis, Clifford Cocks and Malcolm Williamson, working for Britain's Government Communications Headquarters (GCHQ), had discovered all the fundamental aspects of public-key cryptography. Yet they all had to remain silent since their work was classified information. They had to sit back and watch as Rivest, Shamir and Adleman, researchers at MIT, rediscovered their discoveries over the next three years and became famous in cryptographic circles for their RSA algorithm.
Similarly, during the Second World War, the work of Max Newman and Tommy Flowers resulted in the development of the Colossus machine in Britain. Colossus was a precursor to the modern digital computer. Yet it was destroyed after the war, and those who worked on it were forbidden to talk about it. This secrecy on the part of the British Government meant that Eckert and Mauchly of the University of Pennsylvania got the credit for the invention of the first digital computer, ENIAC.


The technical concepts in this book are very lucidly explained and should not pose problems for a lay reader. Also, an extensive list of further readings has been provided for readers who seek more details.


One of the most interesting books I have read this year. It has sparked an interest in Cryptography in me. Hence I strongly recommend it as an introductory book on the history and concepts of Cryptography and Cryptanalysis!


Useful Links:
Cryptography section of the author's website, which has:

Interesting Trivia from the Book:
Alan Turing (of the well known Turing Test fame) was conceived in the autumn of 1911 in India, where his father was a member of the Indian Civil Service. His parents were determined that their child should be born in Britain, and returned to London, where Alan Turing was born on 23 June 1912!

Sunday, November 14, 2010

Information Security Management Principles

Authors: David Alexander, Amanda Finch, David Sutton
Editor: Andy Taylor
Published: 2009
Publisher: The British Computer Society
Paperback: 216 pages

This book is aligned to the syllabus of the CISMP (Certificate in Information Security Management Principles) exam conducted by the British Computer Society.
It consists of the following four chapters:
1. Information Security Principles: Here the basic principles of Information Security are covered and specific terminologies are defined. The relationship between Information Assurance management and the environment in which it operates is also discussed.
2. Information Risk: In this chapter the basic terminology of risk is introduced. This is followed by a discussion of potential threats, vulnerabilities and the processes for understanding and managing the risks associated with Information Systems.
3. Information Security Framework: The basic principles for establishing and managing an Information Security Framework in an organization are covered in this chapter. The role, use and implementation of policy, standards and procedures, Information Assurance governance, and security incident management in this framework are then discussed.
4. Information Security Controls: Here the controls implemented to protect against security incidents are discussed in detail, along with the processes of detection, prevention and mitigation of such incidents.

A simple and realistic case study with relevant exercises runs throughout the book. These exercises will give readers some guidance on how to apply the Information System Management principles in real-life situations.

The layout of the book could be better. The inside pages have a monotonous and soporific look, being densely packed with text, with very few illustrations and almost indistinguishable section headings.

But overall, a fairly good and concise introductory book on the subject.