Friday, May 25, 2012

Levy vs. Mitnick

When thinking about the security of their data and information, there are two things companies (and individuals) need to consider. First, they must ensure they have the right hardware and software to prevent any leakage. Second, no matter how much technological protection they think they may have, companies must train their personnel to protect information from social engineers. Steven Levy, author of "Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age," and Kevin Mitnick, author of "The Art of Deception: Controlling the Human Element of Security," discuss these topics, but in very different ways.

While both authors are concerned with the security of data and information, Mitnick focuses strictly on the human element while Levy focuses on the software/hardware element. Not only do they differ in content, but the authors also differ in writing style. Levy writes his book like a historical documentary. Chapter one starts out in the late 1960s, discussing Whit Diffie's life and rise in the crypto field. Levy describes the history of cryptography through the lives of key players in the field. Each chapter builds on the previous one and almost reads like a suspense novel, leaving the reader wondering what will be the next twist in the fight for privacy. Levy's audience seems to be anybody who is interested in crypto and its history.

Mitnick's book, on the other hand, reads more like a training manual and set of best practices. His audience is corporate executives and business owners. In chapter one he writes, "The purpose of this book is to help you understand how you, your coworkers, and others in your company are being manipulated" by hostile social engineers. Mitnick believes that the non-technical methods intruders use to steal information from unknowing employees should be a focus (and are often forgotten) when considering information security. Instead of writing a narrative, like Levy, Mitnick relays his ideas through short stories covering different topics/methods. He tries to give his reader the perspective of the victim of a social engineer. In his stories, Mitnick allows his audience to "put [themselves] in their shoes and gauge how you yourself (or maybe one of your employees or coworkers) might have responded" (Ch. 1). This is a very effective writing style: it allows the reader to really become engaged in the stories and forces "what if" scenarios to wander through the reader's mind.

After each story, Mitnick does a recap, or what he calls "analyzing the con". I also feel this is effective because he is able to break down the scenario for the reader, perhaps pointing out key elements that could have been prevented had the victim been better trained or aware of social engineer tactics.



Overall, both books are very well written and both styles serve the purpose of the author very well. In terms of how quickly the author gets his message across and readability, I feel Mitnick does a better job.

1 comment:

  1. I agree with your opinion of Mitnick. I thought he did a very good job sharing the information in an engaging way. It really was much like a training manual and the way he recaps the stories he leaves little room for confusion. I felt that his writing was clear and brilliantly displayed with his stories and captioned vocabulary.

    I did enjoy Levy's writing as well. I thought it was interesting that you described it as a documentary. I thought of it as a historic novel. I think our views are very similar, but it is interesting to see the different perspectives through our class.
