
REVIEW: "Into the Breach", Michael J. Santarcangelo

    Posted by: Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1, Jan 11, 2010
      BKINTBRE.RVW 20091012

      "Into the Breach", Michael J. Santarcangelo, 2008, 978-0-9816363-0-6
      %A Michael J. Santarcangelo michael@...
      %C New York, USA
      %D 2008
      %G 978-0-9816363-0-6 0-9816363-0-6
      %I Catalyst Media
      %O www.intothebreach.com
      %O http://www.amazon.com/exec/obidos/ASIN/0981636306/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0981636306/robsladesin03-20
      %O Audience i+ Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 110 p.
      %T "Into the Breach"

      The introduction states that security (which seems to be limited to
      disclosure or breaches) is a "people" problem, and therefore requires
      social solutions. This addresses a common problem: security
      professionals, and even non-technical managers, concentrate on
      breaches in systems and thus miss the real heart of the matter:

      Although not overtly stated, part one seems to be related to the first
      stage in the Strategy to Protect Information, understanding
      information. Chapter one repeats the position that breaches are a
      human problem. Security awareness is promoted in chapter two. In
      chapter three an analogy is drawn between faddish security and crash
      dieting, noting that neither works. Chapter four addresses risk

      Part two suggests managing people. Chapter five outlines the
      aforementioned Strategy to Protect Information: understand your
      information assets, manage and communicate with your people, and
      optimize your processes and systems. Implementing this strategy is
      seen, in chapter six, as a five step process: learn the jobs, gather
      information, prioritize, plan, and communicate. Steps seem to be
      missing, such as dividing your data or systems into elements for the
      process. Guidance for planning is limited. Chapter seven suggests
      making a trial run with a pilot project, which is a good idea.
      Measurement of the success of the project is discussed in chapter

      Part three deals with improvement. Chapter nine notes that the
      strategy benefits overall management, which is unsurprising, since it
      is basically a general management process. Costs of compliance with
      regulations or standards are also partially covered, as is mentioned
      in chapter ten, since a significant portion of the initial cost of
      compliance relies on the type of research and analysis demanded by the
      strategy. (However, a great deal of the content simply emphasizes the
      importance of compliance.) The advice about outsourcing, in chapter
      eleven, seems to be to audit the vendor. Chapter twelve closes off
      the book with an exhortation to act.

      Although generic, the strategy proposed is sound and likely useful.
      This slim volume would help a significant number of managers and
      security practitioners who are caught up in the latest security fad or
      device, to the detriment of actual business (and personnel) needs.

      copyright Robert M. Slade, 2009 BKINTBRE.RVW 20091012

      ======================
      rslade@... slade@... rslade@...
      victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
      http://twitter.com/NoticeBored http://twitter.com/rslade