REVIEW: "Into the Breach", Michael J. Santarcangelo

Rob Slade, doting grandpa of Ryan and Trevor

"Into the Breach", Michael J. Santarcangelo, 2008, 978-0-9816363-0-6
%A Michael J. Santarcangelo
%C New York, USA
%D 2008
%G 978-0-9816363-0-6 0-9816363-0-6
%I Catalyst Media
%O Audience i+ Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 110 p.
%T "Into the Breach"

The introduction states that security (which seems to be limited to
disclosure or breaches) is a "people" problem, and therefore requires
social solutions. This addresses a common problem: security
professionals, and even non-technical managers, concentrate on
breaches in systems and thus miss the real heart of the matter:

Although not overtly stated, part one seems to be related to the first
stage in the Strategy to Protect Information, understanding
information. Chapter one repeats the position that breaches are a
human problem. Security awareness is promoted in chapter two. In
chapter three an analogy is drawn between faddish security and crash
dieting, noting that neither works. Chapter four addresses risk

Part two suggests managing people. Chapter five outlines the
aforementioned Strategy to Protect Information: understand your
information assets, manage and communicate with your people, and
optimize your processes and systems. Implementing this strategy is
seen, in chapter six, as a five-step process: learn the jobs, gather
information, prioritize, plan, and communicate. Steps seem to be
missing, such as dividing your data or systems into elements for the
process. Guidance for planning is limited. Chapter seven suggests
making a trial run with a pilot project, which is a good idea.
Measurement of the success of the project is discussed in chapter

Part three deals with improvement. Chapter nine notes that the
strategy benefits overall management, which is unsurprising, since it
is basically a general management process. Costs of compliance with
regulations or standards are also partially covered, as is mentioned
in chapter ten, since a significant portion of the initial cost of
compliance relies on the type of research and analysis demanded by the
strategy. (However, a great deal of the content simply emphasizes the
importance of compliance.) The advice about outsourcing, in chapter
eleven, seems to be to audit the vendor. Chapter twelve closes off
the book with an exhortation to act.

Although generic, the strategy proposed is sound and likely useful.
This slim volume would help a significant number of managers and
security practitioners who are caught up in the latest security fad or
device, to the detriment of actual business (and personnel) needs.

copyright Robert M. Slade, 2009 BKINTBRE.RVW 20091012

"Dictionary of Information Security," Syngress 1597491152
============= for back issues:
[Base URL] site
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
