Ross Anderson's wonderful Security Engineering has recently become available online. The book is full of fascinating anecdotes and deep wisdom. Anyone interested in what computer security is really about (i.e., systems, not algorithms) should read it.
I also like his new article on the economics of information security. The abstract:
The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests, we find that incentives are becoming as important as technical design in achieving dependability. The new field provides valuable insights not just into ‘security’ topics (such as bugs, spam, phishing, and law enforcement strategy) but into more general areas such as the design of peer-to-peer systems, the optimal balance of effort by programmers and testers, why privacy gets eroded, and the politics of digital rights management.
In other words, the most important components in any security system are the people, and as economics is the study of how and why people make decisions, it is very relevant to computer security. Another reason to get University of Chicago economists involved in the Computation Institute ...