REVIEW: "Into the Breach", Michael J. Santarcangelo

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Jan 11, 2010.

BKINTBRE.RVW 20091012

    "Into the Breach", Michael J. Santarcangelo, 2008, 978-0-9816363-0-6
    %A Michael J. Santarcangelo
    %C New York, USA
    %D 2008
    %G 978-0-9816363-0-6 0-9816363-0-6
    %I Catalyst Media
    %O www.intothebreach.com
    %O http://www.amazon.com/exec/obidos/ASIN/0981636306/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/0981636306/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/0981636306/robsladesin03-20
    %O Audience i+ Tech 1 Writing 2 (see revfaq.htm for explanation)
    %P 110 p.
    %T "Into the Breach"

    The introduction states that security (which seems to be limited to
    disclosure or breaches) is a "people" problem, and therefore requires
    social solutions. This addresses a common problem: security
    professionals, and even non-technical managers, concentrate on
    breaches in systems and thus miss the real heart of the matter:
    people.

    Although not overtly stated, part one seems to be related to the first
    stage in the Strategy to Protect Information, understanding
    information. Chapter one repeats the position that breaches are a
    human problem. Security awareness is promoted in chapter two. In
    chapter three an analogy is drawn between faddish security and crash
    dieting, noting that neither works. Chapter four addresses risk
    management.

    Part two suggests managing people. Chapter five outlines the
    aforementioned Strategy to Protect Information: understand your
    information assets, manage and communicate with your people, and
    optimize your processes and systems. Implementing this strategy is
    seen, in chapter six, as a five step process: learn the jobs, gather
    information, prioritize, plan, and communicate. Steps seem to be
    missing, such as dividing your data or systems into elements for the
    process. Guidance for planning is limited. Chapter seven suggests
    making a trial run with a pilot project, which is a good idea.
    Measurement of the success of the project is discussed in chapter
    eight.

    Part three deals with improvement. Chapter nine notes that the
    strategy benefits overall management, which is unsurprising, since it
    is basically a general management process. Costs of compliance with
    regulations or standards are also partially covered, as is mentioned
    in chapter ten, since a significant portion of the initial cost of
    compliance relies on the type of research and analysis demanded by the
    strategy. (However, a great deal of the content simply emphasizes the
    importance of compliance.) The advice about outsourcing, in chapter
    eleven, seems to be to audit the vendor. Chapter twelve closes off
    the book with an exhortation to act.

    Although generic, the strategy proposed is sound and likely useful.
    This slim volume would help a significant number of managers and
    security practitioners who are caught up in the latest security fad or
    device, to the detriment of actual business (and personnel) needs.

    copyright Robert M. Slade, 2009 BKINTBRE.RVW 20091012

    --
    ======================

    "Dictionary of Information Security," Syngress 1597491152
    http://blogs.securiteam.com/index.php/archives/author/p1/
    http://blog.isc2.org/isc2_blog/slade/index.html
    http://twitter.com/rslade http://twitter.com/NoticeBored
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    CISSP refs: [Base URL]mnbksccd.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to
    or
    Rob Slade, doting grandpa of Ryan and Trevor, Jan 11, 2010