Arts & Photography
Audio CDs
Audiocassettes
Biographies & Memoirs
Business & Investing
Children's Books
Christianity
Comics & Graphic Novels
Computers & Internet
Cooking, Food & Wine
Entertainment
Gay & Lesbian
Health, Mind & Body
History
Home & Garden
Horror
Literature & Fiction
Mystery & Thrillers
Nonfiction
Outdoors & Nature
Parenting & Families
Professional & Technical
Reference
Religion & Spirituality
Romance
Science
Science Fiction & Fantasy
Sports
Teens
Travel
Women's Fiction
|
 |
Mapping Security : The Corporate Security Sourcebook for Today's Global Economy |
List Price: $34.99
Your Price: $34.99 |
 |
|
|
|
| Product Info |
Reviews |
<< 1 >>
Rating: 
Summary: How to take your security blankets to foreign lands
Review: Taking your computer security blanket on the road is probably the hardest international corporate effort in the world today. There are the usual language and cultural differences that are part of any international joint venture, but these are the easiest aspects to handle. Far more difficult is the lack of interest, resources and time that plagues all computer projects. In the hyperactive world of software development, the traditional approach has been to get a functional product out the door as fast as possible, fixing problems later. Not only does this stress the testing phase, but it also means that the security weaknesses, which are often more subtle and difficult to correct, are ignored until complaints are heard. Playing the heavy in other countries is generally quite different from inside the U. S. and can be a major social blunder.
Secondly, many countries outside the U. S. have a vested interest in using software without a license or in tolerating (supporting) computer fraud. With funds for software extremely limited, piracy is rampant, and the local government only weakly, if at all, enforces international standards for the theft of intellectual property. This makes the establishment of security in most installations outside the U. S. extremely difficult. For example, I once read that one of the top five industries in Nigeria is the well-known bank scam promulgated via e-mail.
However, since many have no choice but to try to impose security standards on other cultures, the best you can do is understand the local terrain, laws and cultural attitudes towards computer security. In this book, Patterson first defines the Mapping Security Index (MSI), which is a metric based on the following criteria:
*) Communications throughput. This is computed by mapping IPs to locations and combining this with the actual bandwidth of the connections.
*) A measure of the probability of terror and the current political instability of the country. These rankings are negligible, low, medium, high and extreme risk.
*) Threats, an actual measure of the number of security incidents thought to originate in that country.
*) The Mapping Security Cross-Border Index (CBI). The CBI is a measure of the difficulty that a U. S. based company would experience in a particular culture. Unlike the others, it is almost exclusively subjective, based on cultural differences such as language, local customs and how much they differ from the U. S., and the corporate culture in the region. These factors are examined, and a score from 1 (least favorable) to 10 (most favorable) is assigned.
These four factors are then combined to make up the MSI.
For each country/ region examined, Patterson then assigns it a MSI and then describes some of the concerns unique to that region. The countries covered are all those in Europe outside the former Soviet block, Russia, the Czech Republic, the major countries of North America, Brazil, Columbia, Argentina, Chile, China, Singapore, Australia, Japan, India, Dubai, Israel, Saudi Arabia and South Africa. Most of the concerns deal with difficulties such as several layers of laws from the national government down to the state/province or even local level. Fortunately, since you would be a joint venture foreign relative to the country, most of the laws that you would have to deal with would be written and enforced by the national government. However, that is not always the case, so a thorough understanding of the relationships between the various levels of government is a necessity. For example, on page 133 there is a quote about how in Germany there are three levels of laws and regulations concerning data protection. There are local (state-specific) laws that differ between states, there are national laws and then there are the international laws of the EU.
His solution is the obvious one, although very difficult to implement. Find local people that you can trust and have them manage the cultural-specific aspects of the security. While easy to say, it is hard to do in practice. Few countries have the infrastructure that allows you to conduct effective background checks. The person that appears trustworthy may be a bandit with cronies in the government who are happy to provide them with the protection that will render your protests irrelevant.
The final chapter, whose serious title is "Whose Law Do I Break?", is an exercise in reality. Some laws exist, but are ignored by consensus and others don't exist, but are enforced with vigor. Different sets of laws are sometimes contradictory, so you may need to make a judgment call concerning the most appropriate course of action.
While you can't establish a fail-safe system of protection, by reading this book carefully and checking out the references, you can tilt the odds in your favor. Since that is all you can do, if working in other countries is a necessity, and most companies now consider that to be the case, then arm yourself. Study the advice in this book and then, prepare, prepare, prepare. My contribution to your effort is this review and my heartfelt, "Good luck!"
Rating:
Summary: GREAT sourcebook for anyone doing business electronically
Review: Every businesss owner or executive who does business to some degree outside of their home country should keep this book close at hand. The use of electronic means of communicating financial, product and customer data is growing exponentially around the world, and this book is a sourcebook for how to keep that data secure as it flows around the world. THIS is NOT an area of business that owners/execs/officers/directors can afford to stay in the dark about.
Rating:
Summary: Secure global ecommerce by Mapping Security
Review: From business executives who want and need to understand the complexities of securing global ecommerce, to consultants and sales people who support global companies, to analysts who evaluate these companies, this is a must read source book. While vast today, electronic commerce is growing very rapidly, and for many if not most companies, electronic commerce will determine success or failure. This book will not only help companies protect their investments in ecommerce, product, market and customer data, but it will also help map strategies for security as they expand to new markets.
Rating: 
Summary: Mapping Security
Review: Mapping Security
Tom Patterson with Scott Gleeson Blue
Now this is a first for the book review section, a book written about the process of Information Security. This is not a technical book, but one designed for those who find themselves in the position to manage Information Security at their company. Rightfully so, the subtitle for the book is "The Corporate Security Sourcebook for Today's Global Economy".
I must say that I loved reading this book, even though the process introduced was a new approach for me. The book starts out with the forward by Howard A. Schmidt who is the CSO of Ebay. It then dives into charting the course, where you map out your reason for existence and reading this book. This chapter seemed a bit drawn out, and certain comments made in this chapter almost turned me off from continuing. For example, in one part, the author makes the following comment "The number one reason that companies around the globe do not patch their Windows operating system is because it is stolen." It then goes on about how purchased operating systems are easy to patch. It was certain comments like this that concerned me on where the author got his facts from.
However, as I read deeper into this book, I realized that the author was not an expert on operating systems and patches, but had a great deal of experience working with countries from all over the world. Comments like "American take note: If you are outside the 50 states and everyone in the room is agreeing with you, they are either internally livid or externally lying." I couldn't agree with this statement more.
The book takes a turn and begins discussions on laws and processes, holidays and managements styles (to name a few), for most major countries, 30 key markets to be exact. This is where this book breaks grounds; it's not focused on the United States of America. It discusses best practices and key regulations, he also does a good job about summing up the impression that nation has on Americans.
This book is a must for the Security Officer who finds themselves traveling a lot, and responsible for Information Security in their organization.
Rating:
Summary: A Swiss Army Knife for International eCommerce
Review: Mapping Security does a singularly effective job at bridging technology and business, and creates a compelling case that the two are inexorably intertwined. Patterson's wealth of knowledge and experience in international commerce is breathtaking, and he is adroit at maneuvering between arcane, widesweeping regulations and personal anecdotes. In reading a pre-release copy, I was reminded of those print ads on the London Underground, consisting of three frames, each with a photo of a cricket: Depending on the country, the cricket is a pest, a pet, or a snack.
Patterson brushes aside the typical rah-rah platitudes of high-level business books, and recognizes that the real world is not always a tidy place, and that laws are complex and often contradictory. Expanding on the idea that without security, eCommerce is a non-starter, Patterson approaches security issues from both technological and legal/cultural perspectives. His insight is keen, his examples are topical, and his "war stories" are entertaining as well as informative.
In an era where the multinational company model is becoming the norm, and where American businesspeople are being treated with increasing disdain overseas, no C-level manager should ever board an international flight without having read "Mapping Security."
Rating: 
Summary: omits South Korea
Review: Maybe the strongest of this book is Patterson's assessments of the information technology and regulatory environments of major countries. Issues that you might need to be cognisant of, if your enterprise plans to do business globally.
However, he lumps India into a chapter on countries of the Middle East and Africa. Very 19th century appelation. But this terminology for the Middle East has been obsolete for over 60 years. It's unclear why in a book on technology, he uses such an anachronism.
More importantly, and unfortunately, he omits a section on South Korea. By contrast, he discusses Singapore, another Asian country that is much smaller in GDP. South Korea has one of the world's most extensive broadband deployment. This has led to its companies trying various business models tied to heavy broadband usage. Like massive multiplayer gaming, for example. Leaving South Korea out is a weakness of the text.
Rating:
Summary: Fabulous Insight Into Global Security
Review: Tom Patterson's "Mapping Security" gave me a strong sense of what it is like to implement security in a global setting. It provided insights that I rarely find in business books. The author's use of local experts in all of those countries really made a difference in how I view global business enterprises. Also, I love the MSI scores!
Laura Lake
Center For Advanced Technology
St. Petersburg
<< 1 >>
|
|
|
|
