Schneier's security mantras are:

Security is a trade off.
Security is about people, not technology.
Security is about failure, not success.
Security is obtained by skilled intelligence gathering.

Because Schneier presents a collection of previously published articles and blog posts he repeats himself a lot, but that's OK as it reinforces the mantras all the more strongly.

When he writes of airport security, for instance. If our name is on a no-fly list, the clerk at the check in desk will not be permit us to board our flight. Why should he? If he does and we are terrorists, he's fired and maybe prosecuted. If he doesn't allow us aboard despite the fact we are upstanding citizens, he is praised for doing his job. Are we more secure? No. A genuine terrorist will probably avoid using a name on a no-fly list. And who manages this list? Can we check if our name is on it? No, we can't. If we do find out we are on the list, e.g. by being refused boarding for no adequate reason, can we get our name off it? No, there's no appeal process. The no-fly list is a bad system, it effectively sentences people without due process.

Compare this with the 1999 attempt to sneak explosives into the US from Canada. The culprit wasn't arrested because his name or license plate number were on a watch list but because a trained border crossing agent, Diana Dean, recognized suspicious behaviour and decided to investigate further. What led to her decision cannot be quantified or turned into a procedure, her instincts were honed by years of experience.

The applicable mantra in both cases is "Security is obtained by skilled intelligence gathering". Read the book for illustrations of the other mantras.

Schneier looks at other areas, including the security surrounding election systems the protection of privacy, cyberwarfare and others.

Overall an excellent account of what security is all about illustrated with detailed examples.

Vincent Poirier, Tokyo