If you don’t know who Bruce is, click the first link above and check him out. Or quit audit or security altogether. You don’t have to agree with him, but you’d better know what he thinks about risk and security.
This should be a standard IT auditor or security analyst question: Who is Bruce, name 2 books he wrote, and give a brief background re: his impact on security thought, culture, and technology. [oops – I finally produced a blockquote longer than my blog post. ha ha]
Other IAS blog posts about Bruce (or references to him):
Schneier’s Security Trade-offs (required reading)
My Favorite Windows Software (Bruce wrote 1 of them)
IT Security Pioneers (reference)
Clean Your Purse & iPod (reference)