Adam Shostack, whose group blog Emergent Chaos I quote frequently in this blog, has a new book coming out with co-author Andrew Stewart: New School of Information Security.

We think there’s an emerging way of approaching the world, which we call the New School.

We start with a look at some persistent issues like spam and identity theft. From there, we look at why the information security industry hasn’t just fixed them, and some of the data sources which we rely on and how poor they are. We then look at some new source of data, and new ways of interpreting them, and close with some very practical steps that any individual or organization can take to make things better.

— The New School of Information Security, Adam Shostack, Emergent Chaos, 10 March 2008

I haven’t read the book yet, since it’s not published yet, but if it’s like the material he posts in his blog, it’s a good thing.

One of his commenters doesn’t get it: Continue reading →