Review of the book "Security without Obscurity"

semanticscholar(2016)

Abstract
The book has seven chapters. As the subtitle suggests, the main concerns are confidentiality, authentication, and integrity (henceforth, CIA). The treatments of authentication, non-repudiation, privacy, and key management are all geared towards these concerns. The work is written from a seasoned practitioner’s point of view: the author has extensive working experience, primarily in the financial services industry. He noted that a widespread lack of sound technical know-how often led to repeated design and implementation mistakes. Various reasons are attributable to this sorry state: limits to one’s knowledge, economic reasons, and genuine deficiencies in technical expertise that even large organizations must deal with. The book was conceived to share the knowledge and observations about information security that the author compiled over years as a practitioner. It emphasizes the importance of security standards, providing a roadmap that shows various standards and their applicability to CIA, to help stem the tide of LCD (lowest common denominator) security: minimal solutions that apply the lowest possible cost and, often, the least effective security controls.