The Cybersecurity Canon: Against the Gods: The Remarkable Story of Risk

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Book Review by Canon Committee Member, Linda Cureton: Against the Gods: The Remarkable Story of Risk (1998) by Peter L. Bernstein

Executive Summary

As a former mathematics and classics student, I was intrigued by the book's early discussion of risk from a perspective ranging from the time of cave dwellers to ancient Greco-Roman philosophers. As a former chief information officer myself, I looked forward to confirmation of my notions of the importance of risk in any effective cybersecurity program. However, I came away conflicted as my inner Greek goddess was entertained, but the cyber executive in me was left wanting.

The author, Peter L. Bernstein, begins with an examination of human concepts of risk starting with our prehistoric ancestors through civilization in the period ending A.D. 1200. He then moves painstakingly through a history of the mathematics of probability, statistics and risk quantification that ends in the late 1990s.

Bernstein quotes prominent mathematician Jacob Bernoulli (December 12, 1654 – August 16, 1705 [Jacob Bernoulli, retrieved 2016]) as saying, “Nature has established patterns originating in the return of events, but only for the most part (Bernstein, 1996).” Well, one of the problems with the book from the perspective of a cybersecurity professional is its focus, for the most part, on risk as it relates to financial matters. The book offers a rich background for the reader whose interest lies in quantifying irrational human behavior to make money in the stock market. However, it offers little for the 21st-century cyber professional who seeks to better understand and measure risk.

About the People

New York City native Peter Lewyn Bernstein (January 22, 1919 – June 5, 2009) was a financial historian, economist and educator who was one of the best-known authorities in investment economics. His work reviewed here won the Edwin G. Booz Prize for the most insightful, innovative management book published in 1996. It also received that Clarence Arthur Kulp/Elizur Wright Memorial Book Award from The American Risk and Insurance Association (ARIA) for its contribution to the literature of risk and insurance. (Peter L. Bernstein, 2016)

The Story

Bernstein lays a foundation for understanding why the field of risk and risk management took hundreds of years to make significant advancements. He lays out three reasons for this void: the lack of interest in divine matters; the difficulty first mathematicians had with arithmetic; and the need to wait for civilization to pose compelling problems.

Early man had no reason to think about the future too much – if he couldn’t find food, he died. As civilization progressed, the future became no more than a whim of the gods and man lay helpless before nature. Things yet to be were considered “… mirror of the past or the murky domain of oracles and soothsayers …” who had dominion over such matters. Gambling or games or chance drove contemplation of such issues as probability and reward.

Bernstein provides a detailed historical analysis of the barriers and breakthroughs of early mathematics.  The Roman numbering system proved to be quite difficult to use for counting (imagine doing multiplication using Roman numerals). He provides narratives of the usage of the Hindu-Arabic numeral system, zero, negative numbers, and the calculus. These breakthroughs in mathematics provided early mathematicians the tools needed to make major progress in counting and calculating probabilities. But, other than gambling and academic puzzles, the practical problems did not present themselves until much later.

The author provides a fascinating discussion about society during the Renaissance period and the beginnings of the serious study of risk. This period was marked by religious free-thinking, new worlds discovered, bold exploration and capitalism. In this era, probability theory was transformed from a “gamblers’ toy into a powerful instrument for organizing, interpreting, and applying information.” (Bernstein, 1996)

Bernstein pivots into the financial industry after laying out the origins of the first insurance businesses.  He leads us into the birth of modern economics. Risk needed to be understood not only to set economic policy but also to manage and increase wealth in the stock markets. He ends with more contemporary discussions of how to quantify irrational behavior and minimize risk while maximizing reward.

The author has a few editing challenges in his book. The beginning and the end of the book read more like hurried afterthoughts. He overuses archaic language (though mercifully – my Kindle helped). Finally, while he moved sequentially through history, he tended to bounce around a bit, which made the book feel a bit disjointed.

Conclusion

If you are a mathematics history buff, this book is for you. This book would also be helpful to the technician looking for innovative ways to predict stock market performance in real time. However, other than the prospect of being able to develop smart algorithms to predict irrational human behavior and better protect cyber assets, I don't think it is Canon-worthy.

References

Bernstein, P. L. (1996). Against the Gods: The Remarkable Story of Risk. New York: Wiley and Sons.

Jacob Bernoulli. (2016, October 15). Retrieved October 19, 2016, from Wikipedia.

Peter L. Bernstein. (2016, May 22). Retrieved October 19, 2016, from Wikipedia