The New School of Information Security is a book by Adam Shostack and Andrew Stewart, published by Addison-Wesley Professional in 2008. This part of the site contains information about the book, reviews that we’ve gathered, and some other material by Adam and Andrew. Adam and Andrew are both excited that there’s now a blog with additional contributors to the ideas we brought together. Neither of us edits or exercises any control over what anyone else says here. There are links to reviews and podcasts off to the right. For interviews, podcasts or review copies, please contact Andrea Bledsoe at Addison-Wesley. Her email is firstname.lastname@example.org (Pearson is Addison-Wesley’s corporate parent.)
From the preface, The New School of Information Security is:
- Learning from other professions, such as economics and psychology, to unlock the problems that stymie the information security field. The way forward cannot be found solely in mathematics or technology.
- Sharing objective data and analysis widely. A fetish for secrecy has held us back.
- The embrace of the scientific method for solving important problems. Analyzing real world outcomes is the best way for information security to become a mature discipline.